FEMITBOT Telegram Mini App Fraud Network
Summary
FEMITBOT is a large-scale, centralized fraud-as-a-service network discovered by CTM360 in April 2026 that abuses Telegram Mini Apps to operate fake cryptocurrency platforms, impersonate over 30 global brands, and distribute Android malware across more than 60 domains and 146 active bots. The network harvests Telegram initData authentication tokens to silently access victim sessions, operates in 22+ languages, and uses real-time ad-tech conversion tracking from Meta and TikTok to optimize victim recruitment at global scale. No law enforcement action or attribution to specific threat actors has been publicly confirmed as of May 2026.
Connected Entities
1 entities · 10 linked investigationsTimeline(3 events)
2026-04-01
CTM360 identifies and documents the FEMITBOT network, discovering the shared API fingerprint 'Welcome to join the FEMITBOT platform' across all attacker domains. Exact date within April not publicly specified.
CTM360 FEMITBOT Report2026-05-04
BleepingComputer, CyberSecurityNews, Hackread, TechBriefly, and multiple security outlets publish coverage of the FEMITBOT network based on the CTM360 report, bringing the threat to wider public attention.
BleepingComputer2026-05-04
CTM360 formally publishes the FEMITBOT threat report, detailing 146+ bots, 60+ domains, 30+ impersonated brands, and the initData JWT session hijacking vector.
CTM360Decision Log
- hash: 59pm9s4mF7nna3hqAVwzCVMz1dBgdCz5mKZGCk2ZzU4D
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/28/2026, 4:29:08 PM
last updated: 5/28/2026, 4:29:26 PM
avoid.net — verified advice for a post-truth world