Known as the best alternative to WhatsApp, Telegram has gained a lot of publicity in the last 2 years. However, the company is facing strong criticism because it did not do enough to limit fake vaccination cards or revenge porn on its platform. And now a new study has found that the Telegram is an attractive attraction for cybercriminals.
The revelation comes from a study conducted by Cyberint. The cybersecurity company found that hackers sell and share data leaks on Telegram because it is easy to use and does not impose many mitigations.
In the past, such data sales were largely located on the so-called "dark web", a part of the internet that can only be accessed through special browsers and links. The hacker they find the dark web attractive because it is located in a corner of the deep web - that is, the part of the internet that does not appear in search engines - which is even more protected from outside observers and interference.
But all these obstacles come at a price: Not everyone can access the dark web. And this is exactly where the Telegram comes in. It is easy to download the application and create an account. The "secret" conversations of the service use edge-to-edge encryption, for additional privacy. And while group chats do not have the same protection, you do need a link or an invitation to log in. Telegram also allows mass group chats with up to 200.000 users.
These features have led to what the Cyberint Threat Analyzer, Tal Samra called for more than a "100 percent increase" in the use of Telegram by cybercriminals. "Encrypted messaging service is becoming more and more popular among fraudsters who carry out fraudulent activities and sell stolen data… as it is more convenient to use than the dark web."
The increase in Telegram usage was caused, according to the study, by the recent changes in the privacy of WhatsApp, which belongs to Facebook.
Cyberint found that reports of certain terms used by hackers to exchange stolen emails and passwords "quadrupled" between 2020 and 2021. The research also cites a public channel called "combolist" - named after just a reference to hacker terminology - where listings were sold or simply notified.
There were about 47.000 users on the channel when Telegram shut it down. The Cyberint study also found that there is a market in Telegram for financial data, personal documents, malware and hacking drivers, in addition to online account credentials.
The dark web itself feeds the development of Telegram, Cyberint found. The company's researchers noticed a huge increase in links to Telegram destinations, shared on dark web forums between 2020 and 2021, from about 172.000 last year to more than a million this year.
Telegram has not yet commented on the incident.