Telekopye [1] [2] [3] [4] [5] [6], a financially motivated operation believed to be built by Russians, has developed a phishing toolkit called Telekopye [4]. This toolkit is used by criminals, referred to as Neanderthals [1], to defraud unsuspecting victims [6]. In this improved text, we will provide a detailed description of the toolkit and its functionalities.


The Telekopye phishing toolkit is a malicious Telegram bot that allows scammers to conduct phishing attacks without requiring technical expertise. It has been available since at least 2015 and is regularly updated [3]. The toolkit provides scammers with easy-to-navigate menus, enabling them to create phishing websites [3] [4], send fraudulent SMS messages and emails [3] [4], and target popular online marketplaces [3] [4] [5].

The scammers build trust with their victims by posing as legitimate entities and trick them into entering sensitive information [4]. Once the victims enter their payment details [2], the scammers use the information to steal funds [2], which are then laundered through cryptocurrency [2]. The phishing domains used are designed to appear legitimate [2].

The operation has a centralized payout system [2], with funds funneled to a shared account managed by the Telekopye administrator [2]. The scammers are organized in a hierarchical system [2], with different roles such as administrators, moderators [2], good workers [2], workers [2], and blocked users [2].

To protect against these scams [2], it is recommended to insist on in-person exchanges when dealing with secondhand goods on online marketplaces and to avoid sending money unless certain of its destination [2]. It is advised to be vigilant and avoid purchasing goods from online marketplaces unless fully confident in their legitimacy [4].

The toolkit is primarily used in Russia, Uzbekistan [3] [4] [5], and Ukraine [4], and it can store sensitive user data [4]. It was discovered by ESET researchers and has been actively developed since at least 2015. The authors and users of Telekopye are believed to be based in Russia [5].


The Telekopye phishing toolkit poses a significant threat to unsuspecting victims, allowing scammers to easily carry out phishing attacks and steal funds. To mitigate the risk, individuals should be vigilant and exercise caution when engaging in online transactions, particularly on popular online marketplaces. Insisting on in-person exchanges and verifying the legitimacy of sellers can help prevent falling victim to Telekopye scammers. As this toolkit continues to be actively developed and used, it is crucial for individuals to stay informed and take necessary precautions to protect themselves from such scams.