The government response team CERT-UA received information about the distribution of messages via the @reserveplusbot account about the need to install “special software” with the attached archive RESERVPLUS.zip.
CERT-UA found that the archive contains MEDUZASTEALER malware, which steals files.
The @reserveplusbot account was created under the guise of a Telegram bot that imitates the technical support of the application for conscripts, persons liable for military service and reservists “Reserve+”. It should be noted that in May 2024, such an account was indeed listed as one of the technical support contacts of “Reserve+”.
The CERT-UA team is investigating the details of the incident and taking measures to minimize the threat. Experts note that the links to the contact in the Telegram messenger, which were published earlier, in particular on the official pages of government agencies, currently lead to a malicious account. Therefore, they ask you to refrain from interacting with the @reserveplusbot Telegram account and downloading any files from it.
The post A malware is spreading on Telegram as if from Reserve+ support first appeared on HiTechExpert.top.