Telegram is being used by threat actors to buy, sell, and distribute hacked data and malware tools, making it a viable alternative to the darknet forum.
Cybercriminals use a variety of methods to deploy/spread their malware or Trojans across targeted networks, in addition to attacking techniques. For their malicious actions, several threat actor groups use social media platforms or instant messaging services like Facebook, Twitter, and WhatsApp. Cybercriminals have been using the messaging service platform Telegram for their cybercriminal activities, according to a joint security investigation from Cyberint and Financial Times.
Telegram is being used by threat actors to buy, sell, and distribute hacked data and malware tools, making it a viable alternative to the darknet forum.
Telegram offers Channels, which allow users to broadcast public messages to large groups of people. Users can send and receive huge data files across channels with an unlimited number of subscribers. The investigation discovered multiple Telegram groups with the names Email:pass, Combo, and combolist, which are hacker lingo for stolen email and password lists. Hundreds of thousands of leaked usernames and passwords are purportedly being circulated by the attackers.
After Facebook-owned WhatsApp updated its privacy policy, numerous users sought alternatives, which led to an increase in cybercriminal activity on the Telegram platform.
Cybercriminals are spreading stolen data dumps on Telegram from previous cyberattacks and data breaches from numerous firms, including Facebook, marketing software provider Click.org, and dating site Meet Mindful, according to separate research from security threat intelligence firm vpnMentor.