A joint investigation by the Financial Times and threat intelligence provider Cyberint revealed a significant increase in cybercrime on the popular messaging app Telegram.
The app, which can be set up on a mobile or desktop device, provides end-to-end encryption and allows its users to join groups of up to 200,000 members.
All of the above – combined with lax content moderation by the company that operates it – has allowed the app to become a better option for cybercriminals to run their illegal activities than the so-called dark web.
“We have recently been witnessing a 100 per cent-plus rise in Telegram usage by cybercriminals,” said Tal Samra, cyberthreat analyst at Cyberint. “Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data… as it is more convenient to use than the dark web.”
Hackers use the app for cybercrime – the same type that takes place on the dark web – by sharing, selling and buying leaked data and hacking tools in channels with tens of thousands of members.
Given the rapid increase in cybercrime on its groups and channels, the platform might face pressure to strengthen its content moderation since it plans to go public and introduce advertising to its service.
According to Cyberint, mentions of common hacking terminology like “Email:pass” and “combo” quadrupled in the past year to almost 3,400.
For example, hackers used a public Telegram channel called “combolist,” which had more than 47,000 subscribers, to share hundreds of thousands of leaked usernames and passwords.
Also, a post titled “Combo List Gaming HQ” offered 300,000 emails and passwords, suggesting they could be used for hacking video game platforms like Minecraft, Origin or Uplay. Another post claimed possession of 600,000 logins for Yandex users and others for Google and Yahoo as well.
Telegram removed the channel after it was contacted by the Financial Times for comment.
However, password leaks represent only a small portion of the cybercrime on the Telegram marketplace. Cybercriminals also sell financial data such as credit card numbers, bank accounts and site credentials, as well as copies of passports.
The company said it has a policy for removing personal data shared without consent and that every day its professional moderators remove more than 10,000 public communities for violating the terms of service. However, we’ve yet to see whether the flow of cybercrime will decrease as a result.