Telegram Becomes Viable Alternative to the Dark Web, Here’s How Attackers are Exploiting It

The rising concern of abuse of Telegram

• In a report from Cybersixgill, researchers revealed that compromised cards from most popular financial institutions are a lucrative commodity on Telegram-based illicit marketplaces.
• These cards belong to Chase Bank, the Bank of America, Wells Fargo, Western Union, Visa, and Mastercard.
• Just like those sold on dark web markets, cards sold on Telegram come in two forms: one that includes CVV/CVV2 information and another that contains dumps such as cardholder’s name, account number, and other valuable information.
• Threat actors can collect the dumps to create a physical clone of a card which later allows them to make in-person purchases.
• The prices range from $15 to $1500 per card, depending on the bank account balance and freshness of the data.

Other malicious activities observed

• Besides selling compromised credit cards, the messaging platform is also a channel to distribute malware.
• In the first week of January, researchers identified a malicious Telegram for Desktop installer that was used for propagating Purple Fox malware. The installer was compiled in an AutoIt script named ‘Telegram Desktop.exe’ to fool users.
• A new variant of Echelon infostealer had also leveraged the Telegram channel as a propagation channel in an attempt to steal crypto wallets from users.
• Moreover, the threat actors behind the RedLine stealer were found operating the malware through an abused Telegram service to steal a heap of credentials from browsers, VPN, FTP, cookies, cryptocurrency wallet, and more.

Conclusion