Forget DARK WEB. Telegram is the new marketplace for illegal activities and cybercrime

VIGNESWARAN.S
4 min read · May 29, 2021

According to reports, researchers from vpnMentor have found that cybercriminals are using Telegram to “share and discuss” massive data leaks that can expose “millions of people to unprecedented levels of online fraud, hacking, and attack”.

Cybercriminals have a new alternative to the dark web — Telegram. An investigation by cybersecurity researchers into the messaging platform has revealed that the private data of millions of people is being shared openly in groups and channels that have thousands of members. Adversaries are increasingly abusing Telegram as a “command-and-control” system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems.

According to vpnMentor researchers, cybercriminals are using Telegram to “exchange and discuss” big data leaks that could expose millions of people to new levels of online fraud, hacking, and attack.

In order to witness these “illicit exchanges” between threat actors and themselves firsthand, vpnMentor’s team joined several cybercrime-focused groups and channels on Telegram.

They saw hackers “openly sharing data dumps on channels” with over 10,000 members, which was not unusual.

CONTROL TOXIC EYE MALWARE

“Even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app,” said researchers from cybersecurity firm Check Point, who have identified no fewer than 130 attacks over the past three months that make use of a new multi-functional remote access trojan (RAT) called “ToxicEye.”

The use of Telegram for facilitating malicious activities is not new. In September 2019, an information stealer dubbed Masad Stealer was found to plunder information and cryptocurrency wallet data from infected computers using Telegram as an exfiltration channel. Then last year, Magecart groups embraced the same tactic to send stolen payment details from compromised websites back to the attackers.

The strategy also pays off in a number of ways. For a start, not only is Telegram not blocked by enterprise antivirus engines, but the messaging app also allows attackers to remain anonymous, given that the registration process requires only a mobile number, thereby giving them access to infected devices from virtually any location across the world.
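Because this traffic can come from machines where Telegram is not installed, one way to hunt for it is to look for Telegram domains contacted by anything other than the Telegram client. The sketch below is an added example, not code from the original article or from Check Point; the log format, host names, client binary names and software inventory are all constructed assumptions.

```python
import csv
import io

# Telegram-operated domain; api.telegram.org serves the Bot API.
TELEGRAM_DOMAINS = ("telegram.org",)
# Assumed names of the legitimate desktop client binary.
TELEGRAM_CLIENTS = {"telegram.exe", "telegram"}

# Constructed sample log: timestamp, host, process, destination host.
SAMPLE_LOG = """\
2021-05-29T09:14:02Z,WS-014,Telegram.exe,web.telegram.org
2021-05-29T09:15:40Z,WS-022,rundll32.exe,api.telegram.org
2021-05-29T09:15:41Z,WS-022,chrome.exe,www.example.com
2021-05-29T09:17:13Z,WS-014,powershell.exe,api.telegram.org
2021-05-29T09:21:00Z,WS-040,svchost.exe,nottelegram.org
"""

# Constructed software inventory: hosts where the Telegram client is installed.
HOSTS_WITH_TELEGRAM = {"WS-014"}


def is_telegram(dest):
    """Match a Telegram domain or subdomain, but not lookalike suffixes."""
    dest = dest.lower().rstrip(".")
    return any(dest == d or dest.endswith("." + d) for d in TELEGRAM_DOMAINS)


def find_suspect_connections(log_text, installed_hosts):
    """Return Telegram connections that were not made by the Telegram client."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, host, proc, dest = row
        if not is_telegram(dest) or proc.lower() in TELEGRAM_CLIENTS:
            continue
        # No Telegram install on the host means nothing legitimate explains it.
        severity = "medium" if host in installed_hosts else "high"
        findings.append((ts, host, proc, dest, severity))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_connections(SAMPLE_LOG, HOSTS_WITH_TELEGRAM):
        print(*finding)
```
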

Cybercriminals are using Telegram to share illegally obtained private data

An investigation conducted by NortonLifeLock has found evidence of a “thriving illegal marketplace” on Telegram where everything from Covid-19 vaccines and personal data to pirated software and fake IDs is up for sale. For its research, vpnMentor’s team joined several cybercrime-focused groups and channels on Telegram to witness these “illicit exchanges” between bad actors and themselves firsthand. Not surprisingly, they found hackers “openly posting data dumps on channels”, some of which have over 10,000 members. These “unscrupulous users” also don’t shy away from discussing how these data dumps can be exploited.

Traditionally, data dumps like these are exchanged over the dark web. Moving these exchanges to Telegram has its advantages, including “protecting the privacy of its members”. Telegram also has a lower barrier to entry than the dark web, and the messaging platform is also immune to Distributed Denial of Service (DDoS) attacks and web takedowns that can threaten how cybercriminals work on the normal web.

The Rise of Cybercrime on Telegram and the Need for Continuous Monitoring

Instant messaging, popularly called IM or IM’ing, is the exchange of near real-time messages through a stand-alone application or embedded software. Unlike chat rooms with many users engaging in multiple and overlapping conversations, IM sessions usually take place between two users in private.

One of the core features of many instant messenger clients is the ability to see whether a friend or co-worker is online on the service — a capability known as presence. As the technology has evolved, many IM clients have added support for exchanging more than just text-based messages, allowing actions like file transfers and image sharing within the IM session.

The top three messaging apps by the number of users are WhatsApp — 2 billion users, Facebook Messenger — 1.3 billion users, and WeChat at 1.12 billion users. Messenger is the top messaging app in the US. In 2017, approximately 260 million new conversations were taking place each day on the app. In total, 7 billion conversations were occurring daily.

The power of social media platforms lies in their ability to connect users and create unique avenues for interaction. For individuals, enterprises, and governments, they facilitate new ways of reaching their audience, promoting a product, and fostering communities.

The growing presence of cybercriminals on social media platforms

The universal appeal of social media platforms makes them equally attractive to cybercriminals. Yet the growing range of criminal risks encountered across social media remains significantly under-researched.

Cybercriminals, it seems, aren’t that different from consumers and enterprise users — they want tools that are easy to use and widely available. They prefer services that are simple, have a clean graphical user interface, are intuitive to use, and are not buggy. Localization and language support also make a difference. Cybercriminals are very careful about who they let into their exclusive club, but they also don’t want to jump through excessive (and costly) hoops to communicate with each other.
