Cybercriminals are flocking to Telegram, the popular instant messaging service, to buy, sell, and distribute stolen data along with hacking tools. According to a new study, threat actors are treating Telegram as their new channel of choice for conducting their nefarious activities.
What is happening?
- According to a collaborative investigation by academics from a cybersecurity group and the Financial Times, fraudsters have increased their use of Telegram by 100 percent.
- The messaging app is being used by a large number of hackers to distribute hacked data in groups or channels with tens of thousands of members.
- Over the last year, the number of stolen emails and passwords with the phrases ‘Email:pass’ and ‘Combo’ has increased fourfold.
- In one case, a channel called ‘Combolist’ was shut down when it was discovered to be a marketplace for stolen bank data, personal documents, malware, hacking methods, and online account credentials. It had over 47,000 members.
- Copies of passports, exploits, and credit card information are among the other items traded on the Telegram channel.
Why Telegram?
A number of operational benefits have been attributed to the platform’s increased use among threat actors:
- Telegram, unlike the dark web, is a legal and simple-to-use application that isn’t blocked by antivirus or network management software.
- Since the registration process simply requires a phone number, attackers can stay anonymous.
- Telegram can make it easier for fraudsters to find buyers in some situations.
- Furthermore, attackers can use Telegram’s unique communication characteristics to steal data from victims’ computers or distribute harmful files to infected workstations.
Other nefarious uses of Telegram
Researchers have voiced concerns in recent months about fraudsters using Telegram to avoid detection.
- In the first quarter of 2021, researchers recorded more than 130 intrusions that used Telegram to spread the ToxicEye malware.
- After infection, the RAT allows attackers to take complete control of a victim’s computer and perform a variety of additional nefarious activities.
- In addition to infecting victims with malware, threat actors used the chat app to sell fraudulent COVID-19 immunization cards.
Although Telegram has made attempts to shut down these harmful groups, some remain active and no action has been taken against them. The fact that cybercriminals are using Telegram implies a significant increase in cybercrime. Telegram should ensure that, with over 500 million active users, it does not become a future attack surface for illicit hacking, online fraud, and other criminal activities.