Telegram, a widely used messaging app, has emerged as a viable alternative to dark web forums. Threat actors are increasingly misusing the internet to create underground channels where they can sell stolen financial information to users.
Telegram abuses are on the rise
- Cybersixgill researchers discovered that compromised credit cards from most popular financial institutions are a lucrative commodity on Telegram-based illicit markets.
- The cards come from Visa, MasterCard, Western Union, Bank of America, and Chase Bank.
- The cards sold on Telegram are similar to those on dark web markets and come in two kinds: one contains CVV/CVV2 information, while the other contains information like the cardholder’s name, account number and other details.
- Threat actors can use the dumps to create a physical copy of a card, which can then be used in person.
- Based on the level of the bank account and the freshness of the data, the prices vary from $15 to $1500 per card.
Observed malicious activities
- Aside from selling stolen credit cards, the messaging network is also used to spread malware.
- Researchers discovered a malicious Telegram for Desktop installer used to spread Purple Fox malware in the first week of January. To deceive users, the installer was a compiled AutoIt script called ‘Telegram Desktop.exe.’
- In an attempt to steal crypto wallets from users, a new variant of the Echelon infostealer used a Telegram channel as a propagation route.
- Furthermore, the threat actors behind the RedLine stealer were found abusing a Telegram service to steal credentials from browsers, VPNs, and FTP servers, along with cookies, cryptocurrency wallets, and more.
Cybercrime thrives on Telegram, as more and more threat actors turn to the encrypted chat platform to achieve their harmful goals. Telegram should ensure that, with over 500 million active users, it does not become a future attack surface for illicit hacking, online fraud, and other criminal activities.