Learn about the large-scale Telegram account theft scheme exploiting mini-apps and psychological tactics. Protect your account from scammers targeting group chats.
© RusPhotoBank
Cybersecurity experts have uncovered a large-scale Telegram account theft scheme that exploits built-in mini-apps and psychological pressure tactics. Scammers target group chats with many unfamiliar participants, posting messages about "chat migration" and claiming an administrator has lost access. They then urge users to follow a link to a "new chat."
Clicking the link opens a built-in mini-app that requests a five-digit code. Entering this code adds a new device to the victim's account, giving attackers full control. Initially, access to chat history is limited, but over time, scammers can read messages, terminate the owner's active sessions, and use the account to message other users.
This scheme is particularly dangerous because all malicious activity occurs within Telegram itself, without redirecting to external websites, making it harder to detect. The chat migration messages appear convincing, and users often remain unaware of the threat.
Compromised accounts are used for financial fraud, altering payment details in money transfers, spamming the victim's contacts, and undermining the security of business communications. Experts warn that hijacked accounts can be reused to launch new attacks on other users.
If you've already entered the code, act quickly: go to your account settings, navigate to Privacy → Active Sessions, and terminate all unfamiliar sessions. A prompt response can help you regain control and minimize the damage.