New Scheme for Hijacking Telegram Bot Names and Usernames

A few days ago, a guy from the account @GreatChinas, with the ID 6778690281 and the name 人民之神, sent me a private message.
He offered to buy the domain of one of my bots, @krymbot, for 300 TON (currently about 150,000₽; at the time of the request, about 200,000₽).
Usually, the owner of a bot is not visible, but all my bots display a message that the bot is in development, and the request itself did not surprise me. The lack of preamble, bargaining and questions immediately told me that this was a scammer, and I decided to look into the scheme, since I had no plans to use the name.

The scammer suggested making a deal through Fragment, although I know that only channel names and usernames are sold there, not bots. I checked: indeed, bots are not sold there. I decided to continue the conversation to understand his next tactic. When I said that I could not put the bot up for sale, he said “you can, others do it”, but he did not send instructions. That surprised me at this point.

Then he said: “Someone told me that the robot should replace your username, and then it will appear in front of you, and you can set the price”. Yeah, that's more interesting: you need to swap the names. It's a vulnerability; this is how VK groups' domains were stolen. I asked again and got the answer that I needed to transfer the bot name to the username. Since the names of bot owners are not visible, I assumed that the goal was not the bot domain but my username, which would then be used for extortion and phishing. By the way, I didn't know that a username can end in “Bot”, but after trying to change the username on one of the accounts, I was convinced that this is possible.

I decided to play it safe and move on. I didn't want to be deceived, so I decided to do everything on a third account, which the scammer doesn't know about; even if he does, I don't use it and the name is of no value to me.

According to Telegram rules, after giving up a username, its owner has priority to restore it within 15-30 minutes (according to various sources); other users do not see the name as free during this time. It turned out that this does not apply to bots: immediately after I deleted the bot, the bot's domain name became occupied, and it became impossible to use it either as a username or to register the bot on the owner's account.

I asked the scammer, “I did everything, and you took the name for yourself at the moment I deleted the bot. When will you send the money?” So far there has been silence in response. I wrote a complaint about the bot name, but it is unlikely to be satisfied, since formally I deleted the bot myself and another user registered it after the deletion.

Conclusions:
— Broken language, hieroglyphs, the name “God of people” in Chinese, etc. indicate that the scammers are most likely from China, or that a userbot is doing all the work.
— The scheme is working: requests for the attacked name are coming in constantly.
— The main goal is to steal the bot’s name.
— Both the bot name and the username may be at risk.
— The bot owner's name is hidden, so preparing an attack requires effort.
— Changing the bot's username via the Telegram API is impossible, and the attacker has to use the userbot API, which increases the risk of blocking.

This information is provided to ensure user safety and prevent fraud with Telegram bot and user names. Please share so that others can avoid similar attacks.

Read about bot development, my “Bot in a Notepad” constructor and experiments on the channel: https://t.me/BotNotePad
