New research highlights that threat actors consider Telegram as their new channel of choice to conduct their evil businesses.  Telegram is exploding as cyber criminals take to the popular instant messaging app to buy, sell, and share stolen data and hacking tools.

  • A large number of hackers are using the messaging platform to share leaked data in groups or channels with more than thousands of subscribers.
  • The list of stolen emails and passwords that go by the terms ‘Email:pass’ ‘Combo’ has risen fourfold over the past year.
  • A channel named ‘Combolist’ with more than 47,000 subscribers was shut down after it was found to be a marketplace for stolen financial data, personal documents, malware, hacking guides, and online account credentials.
  • Other data traded on the Telegram channel include copies of passports, exploits, and credit card information.

The reason for the increased use of the platform among threat actors is attributed to a number of operational benefits:

  • Unlike dark web, Telegram is a legitimate and easy-to-use service that isn’t blocked by antivirus engines or network management tools.
  • Attackers can remain anonymous as the registration process requires only a phone number.
  • It’s easier to find buyers on Telegram which makes it more convenient for cybercriminals.
  • The unique communication features of Telegram enables attackers to exfiltrate data from victim’s PCs or transfer malicious files to infected machines.

Though Telegram has taken steps to shut these dangerous groups, few are still operating and action against them is yet to be taken. The fact that Telegram is gaining traction among cybercriminals indicates a serious escalation in cybercrime. With over 500 million active users, Telegram should ensure that it does not become the future attack surface for illegal hacking, online fraud, and other criminal activities.