Researchers have uncovered a large fraud operation, dubbed FEMITBOT, that abuses Telegram’s Mini Apps — the small programs that run directly inside Telegram chats — to con users into fake cryptocurrency investments. The scam impersonates well-known brands including Apple, Disney, NVIDIA, IBM, and the BBC to make fake “crypto trading dashboards” appear legitimate, complete with fabricated account balances and countdown timers designed to pressure you into depositing money you will never see again.
Beyond the crypto fraud, some of these Telegram Mini Apps also trick Android users into downloading malware disguised as familiar apps. The infected APK files are distributed directly from Telegram chats, bypassing the Google Play Store’s safety checks. If you installed an app from a Telegram chat or an in-app browser on your Android device, your phone may be at risk.
How to check if you’re affected
Affected devices include any Android phone or tablet where you use Telegram. Check the following:
- Review installed apps: On Android, go to Settings → Apps and look for anything unfamiliar that you don’t remember downloading from the Play Store.
- Check for sideloaded apps: Go to Settings → Apps → Special App Access → Install Unknown Apps, and verify that no app has this permission enabled unexpectedly.
- Inspect your Telegram chats: If a contact or bot sent you a Mini App promoting crypto investments or guaranteed returns, block the sender immediately and do not deposit any funds.
- Never sideload APKs from Telegram: Always download apps exclusively from the official Google Play Store on your Android device — never from links inside chats or in-app browsers.