Wager Mage
Photo by Andrea Piacquadio Pexels Logo Photo: Andrea Piacquadio

Why do hackers use Telegram?

Telegram bots offer hackers a broad range of possibilities in automating malicious tasks. For example, we have seen that with the help of Artificial Intelligence, some bots perform sophisticated social engineering attacks by impersonating banks and companies to steal and capture OTP and SMS codes from their victims.

socradar.io - Telegram: A New Place for Hackers - SOCRadar® Cyber Intelligence Inc.
Who bets first little or blind?
Who bets first little or blind?

Before the flop, the player to act first is just to the left of the big blind. In the case of three-handed play, that would be the button. After...

Read More »
Last updated Dec 1, 2018
Are you born with athletic ability?
Are you born with athletic ability?

Athletic performance is a complex trait that is influenced by both genetic and environmental factors. Many physical traits help determine an...

Read More »
Last updated May 19, 2020

One of the most commonly used messaging apps, Telegram, has become more and more popular ever since the privacy policy scandal of WhatsApp in January 2021. WhatsApp announced that they have been sharing their customers’ sensitive data with Facebook for a couple of years, which created turmoil in WhatsApp users. People have been searching for an alternative for WhatsApp, and they have decided to switch to other messaging apps such as Telegram.

Telegram’s Increasing Popularity

Even though Telegram only encrypts messages in communication between your device and its servers by default (you can manually enable end-to-end encryption), Telegram is known for its safety and encryption policies. App has around 500 million active users, and more than 100 million people have downloaded the app in 2021. Telegram’s popularity also attracted hackers’ attention, and it became the main hub for threat actors. The fact that Telegram is a legit messaging app used by millions gave hackers the chance to conceal themselves and achieve their evil deeds.

Utilizing Telegram to Perform Malicious Activities

Hackers have been using Telegram to carry out various malicious tasks. Below, you can see the most common ways threat actors utilize the app.

Sharing Stolen Databases

Telegram Data Leak Incident Card Created by SOCRadar.

Typically, threat actors tend to sell data dumps in hacker forums inside the Dark Web. They put up the databases to auction and try to make as much money as possible by selling the dump to the highest bidder. After selling the data dump or failing to do so, they sometimes opt to share the information openly and post the leaks on hacker forums, Pastebin, and Telegram. SOCRadar tracks and monitors Telegram groups hackers mainly use and detects data leaks your organization suffers. Below, you can see a screenshot of a Telegram data leak incident detected by SOCRadar.

Communicating with Other Hackers

Threat actors have also been using the app to chat with other people. However, we see that hacker channels go beyond the intended usages by performing malicious activities. Hackers discuss tactics, techniques, and procedures (TTPs) to perform cyber attacks, new emerging vulnerabilities and zero-days, important cybersecurity events and news, and many other subjects to be up-to-date in the cybercrime sector. They also utilize Telegram to communicate with potential buyers of database sales posted on hacker forums on the dark web. We see that the app has been a primary communication platform for threat actors. Below, you can see two example posts in hacker Telegram channels, one a cybersecurity news post and the other one advertising a private data leak channel.

A Post in Cybersecurity News Hacker Channel on Telegram.

Why do soldiers put cards on their helmets?
Why do soldiers put cards on their helmets?

In World War II, the soldiers of the 506th Parachute Infantry Regiment of the American 101st Airborne Division were marked with the spades symbol...

Read More »
Last updated Apr 29, 2020
How long does it take to cash out on online casino?
How long does it take to cash out on online casino?

But, for the most part, online casinos will take from 2 to 3 business days to process your withdrawal request. During that time, you are usually...

Read More »
Last updated Apr 17, 2021

Telegram Bots: Automating Malicious Activities

Telegram bots offer hackers a broad range of possibilities in automating malicious tasks. For example, we have seen that with the help of Artificial Intelligence, some bots perform sophisticated social engineering attacks by impersonating banks and companies to steal and capture OTP and SMS codes from their victims. In particular, OTP-Bot, a well-known malicious Telegram bot, claims %98 success rate on their OTP capturing attacks, a near-perfect success rate. Below, you can see a sample screenshot showing successful OTP-Bot attacks.

A Successful OTP-Bot Attack

We also see that Telegram is being used as an infection vector through automatized bots to deploy malware. Some of these malware grants threat actors access to the victim system through the Command and Control (C2) server.

Faulty Feature: “People Nearby”

Another feature hackers exploit in Telegram is called “People Nearby.” This feature lets users see the precise locations of nearby people who have turned this feature on (the feature is off by default). However, this feature has a security flaw since threat actors can abuse it by spoofing their geolocation and accessing the precise locations of innocent people. Every bit of information is significant in the cybercrime sector, so this security flaw can give threat actors the upper hand in achieving their malicious intentions. When addressed with this security flaw, Telegram developers chose to turn a blind eye to this matter, but the solution is simple. SOCRadar CTIA team suggests users turn this feature off to protect their privacy against hackers.

Find Out What’s Happening In Telegram Hacker Channels

Threat Share’s CyberSec News module delivers the most relevant news about products and technologies automatically discovered in your digital assets. On the other hand, DarkMirror shares important agendas in deep and dark web forums, social media, and communication channels such as Telegram and ICQ with screenshots and texts.

Discover SOCRadar® Free Edition

With SOCRadar® Free Edition, you’ll be able to:

Discover your unknown hacker-exposed assets

Check if your IP addresses tagged as malicious

Monitor your domain name on hacked websites and phishing databases

Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets. Get free access

socradar.io - Telegram: A New Place for Hackers - SOCRadar® Cyber Intelligence Inc.
Should you split 4s against a 7?
Should you split 4s against a 7?

Without regard to the S17 and H17 rules, single-deck blackjack players are advised to split their 4s versus the dealer's 4, 5, and 6 and hit versus...

Read More »
Last updated Mar 27, 2020
Does anybody won 1 crore in Dream11?
Does anybody won 1 crore in Dream11?

Fortunately, Kumar's dream team during the T20 match of India vs Australia earned him the cash prize of Rs 1 crore. The youngster was stumped after...

Read More »
Last updated Nov 30, 2018
Are shorter darts better?
Are shorter darts better?

Dart Shaft lengths, for example, help to determine the way a dart performs. There isn't a “best” shaft or flight to use in darts as this usually...

Read More »
Last updated Feb 25, 2022
What is a Coral bet?
What is a Coral bet?

The latest offering from Coral.co.uk is its mobile betting application which allows its customers to place bets on their favourite sporting event...

Read More »
Last updated Apr 1, 2018