Telegram: A New Safe Haven for Cybercriminals?
Flare, an expert company in automated online threat detection, has recently released a study that delves into the activities of cybercriminals and crypto fraudsters on Telegram.
This primarily refers to developers of malware (like ransomware and stealth miners), black hat hackers, scammers, or plain old personal data scalpers. They all seem to be turning to this popular messaging platform rather than the traditional anonymity tools (like the Tor browser combined with a VPN).
In essence, cybercriminals are capitalizing on Telegram's principled stance. The platform offers considerably more thematic freedom and privacy than other social platforms. But besides the obvious reasons, Flare points out several other factors explaining this shift:
1. No intermediaries: When using darknet platforms, users often have to transfer cryptocurrency to an intermediary address before it reaches the seller. For criminals, this situation represents a risk, as they could face potential refunds, freezes, or bans from trading platforms.
2. Convenience: Compared to the rather outdated Tor browser, modern messaging apps, particularly Telegram, offer substantial benefits. For fraudsters, private chats and anonymous channels are available. Moreover, the user-friendly app and low entry barriers help quickly build up an audience for new cybercrimes.
3. Enhanced sense of security: Unlike the decentralized Tor browser, which is under close watch by law enforcement, Telegram remains "just a messenger" without a notable criminal reputation. This plays into the hands of criminals, making Telegram virtually entirely secure for them, especially when registering with a disposable phone number.
Flare's report reveals that fraudsters' channels often focus on a specific type of product, such as drugs, weapons, malicious software, or hacked accounts. For transactions or monthly subscriptions that offer extended privileges, they typically use the Monero cryptocurrency. The company highlights the primary forms of cybercrime:
1. Compromised accounts from various platforms such as exchanges, social networks, and financial and banking services.
2. Financial scams involving fake tokens, the sale of non-existent training courses, and Pump-and-Dump schemes.
3. "Curated" lists of personalized data which include a user's full name, email, passwords, and other personal information like passport details. Some miscreants even merge these datasets with malicious software to steal information about the data purchaser.
4. National hacktivism, an activity of malicious groups that has escalated since the start of the war in Ukraine. Its objective is to gather resources or information to carry out cyber attacks on the infrastructure of various countries
Although Telegram is undoubtedly attracting criminals, this does not imply that the messenger service itself is inherently problematic. Upholding privacy should be a priority, and every individual must recognize their responsibility to safeguard their personal data, including passwords, files, and cryptocurrency wallets.