Telegram Becomes the New Dark Web, Here’s What Cybercriminals are Selling

What’s going on?

• A joint study by Cyberint and Financial Times found that there has been a 100% rise in Telegram usage by cybercriminals.
• A large number of hackers are using the messaging platform to share leaked data in groups or channels with more than thousands of subscribers.
• Interestingly, the list of stolen emails and passwords that go by the terms ‘Email:pass’ and ‘Combo’ has risen fourfold over the past year.
• In one incident, a channel named ‘Combolist’ with more than 47,000 subscribers was shut down after it was found to be a marketplace for stolen financial data, personal documents, malware, hacking guides, and online account credentials.
• Among the other data traded on the Telegram channel include copies of passports, exploits, and credit card information.

What’s the reason?

• Unlike the dark web, Telegram is a legitimate and easy-to-use service that isn’t blocked by antivirus engines or network management tools.
• Attackers can remain anonymous as the registration process requires only a phone number.
• In some cases, it’s easier to find buyers on Telegram which makes it more convenient for cybercriminals.
• Moreover, the unique communication features of Telegram enables attackers to exfiltrate data from victim’s PCs or transfer malicious files to infected machines.

Other malicious use of Telegram

• CheckPoint said it tracked more than 130 cyberattacks in the first quarter of 2021 that distributed the ToxicEye trojan through Telegram.
• Post-infection, the RAT enables attackers to take full control over a victim’s machine and engage in a range of other nefarious activities.
• Besides malware infection, threat actors had flocked to the messaging app to sell fake COVID-19 vaccine cards.

What does this imply?