Telegram emerges as the new hub of cybercriminal activity

Threat actors have created a perfect ecosystem on Telegram and other messenger apps, selling everything from phishing kits to private data.

When brothers Nikolai and Pavel Durov founded Telegram in 2013, little did they know that the platform would become a hotbed for cybercrooks.

Cybercriminals have been using the platform to share information about cybercrime techniques and to distribute malicious tools such as password-stealing Trojans, keyloggers and ransomware.

In addition, it is also being used to facilitate the sale of stolen data and illicit goods and to recruit new members for criminal activities, according to a report by Israel-based cybercrime intelligence company KELA.

According to the findings, Telegram is favored by hackers as it prioritises privacy and security. The Secret Chat feature of the platform provides end-to-end encryption so that only the sender and receiver can read the messages.

“This makes it difficult for anyone who is not involved in the chat to intercept and read the messages without being intercepted by third parties. This is a critical feature for consumers who value their privacy and wish to safeguard their personal information,” states the KELA report.

The anonymity of Telegram is another reason why it appeals to hackers. Users can register on Telegram without disclosing personal information, making it simple to set up many identities and use them to converse without revealing one’s real identity. “Because of this anonymity, law enforcement organisations have a tough time tracking down and identifying individuals who are using the program for illicit activities,” as per the report from KELA.

According to a Kaspersky report, to promote their “goods”, phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, “What type of personal data do you prefer?”. Links to the channels are spread via YouTube, GitHub and phishing kits they make.

A wide range of personally identifiable information (PII), including Social Security numbers, driver’s license numbers, passports, dates of birth, and physical and email addresses, has been sold and shared on Telegram channels.

But what is the reason for these threat actors to generously share valuable data with others instead of making the most of it themselves?

Kaspersky explains in the report that, “sharing free content or manuals willingly by scammers to their Telegram audience serve as bait of sorts for less experienced phishers to bite. Newbies get a taste of what phishing tools can do, pull off their first scam and wish for more, which is when they will be offered paid content.”

Don’t mind your language

While English is the preferred language for cybercriminals on Telegram, many Telegram groups and channels dedicated to certain regions or languages allow members to converse and exchange information in their native languages, such as Chinese, Russian, and Arabic.

The Translate tool added to the conversations feature of Telegram now makes it easier for people to interact across languages. This ability to reach out and be understood in different languages gives cybercriminals a global platform. “This can result in crimes being carried out on a greater scale, making it more difficult for law enforcement authorities to hunt and shut them down,” finds the KELA report.

Other messenger applications that have gained popularity among cybercriminals include Discord, Jabber, Tox and Wickr.

Some cybercrime groups on Telegram (source: KELA)

SiegedSec

Date of creation: April 2022

Specialty: Shares corporate, education and government-related databases.

Current status: Extinct. In November 2022, the group announced its retirement from hacking and leaking and disclosed the nicknames of its members.

REDLINEVIP and Palm Team

Date of creation: September 2021

Specialty: The owner of the channel, Rdx (@Fatherofcarders), started sharing logs on the carding forum CrdPro in October 2021, and a month later the channel was promoted on other cybercrime forums. Over the years, the operators have increased the prices, almost doubling the price for permanent access to the private logs cloud service, from USD 2,200 to USD 4,000. On December 7, 2022, the actor claimed that the private group allows access to 4 million logs.

CHECKS GRUB SHOP

Date of creation: August 30, 2021

Specialty: CHECKS GRUB SHOP sells credit card information, counterfeit and stolen valid checks, and bank logs. Currently, the group has over 8,100 members, while the channel is inactive and has only around 300 members.

Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of ET Edge Insights, its management, or its members
