Researchers from leading security vendor, Check Point, have revealed that cybercriminals are now exploiting the popular messaging app, Telegram, to exchange information, recruit new partners and evade authorities. The app has been banned in several countries, including Russia and – just the other day – Iran.
Criminals are turning to Telegram because law enforcement has been successful recently in taking down Dark Web marketplaces and forums, such as Hansa Market and AlphaBay. Telegram is easy to access and offers enhanced security capabilities, so some of its hosted chat groups have become a useful alternative to Dark Web forums.
Telegram launched in 2013, and is an encrypted instant-messaging application with 200 million active users monthly. Similar to WhatsApp, Telegram users can chat to individuals as well as groups. Any criminal with a shady offer or conversation to start can enjoy private and end-to-end encrypted chats instead of the exposed threads that are seen in online forums. In the past, several steps were required to ensure an anonymous connection to the Dark Web via the TOR platform. But today any Telegram user can easily join channels with a single tap on their phone, while keeping their identity completely hidden.
Examples of the chat channels discovered by Check Point researchers are ‘Dark Jobs’, ‘Dark Work’ and ‘Black Markets’. Messages on these include advertisements seekingto recruit employees of companies or banks, to obtain inside information and sensitive data. One eye-catching job posting found by the researchers was seeking employees of Western Union or Money Gram that have access to certain systems. Allegedly, the employees would be paid $1000 per day for their efforts. Mobile network operators’ employees are also highly sought after. This inside information could be sold, or used to conduct a cyberattack from inside the company.
Other illegitimate services in some of Telegram’s more crooked channels include forging legal documents. Counterfeit documents include IDs, passports, banking documents and more. The author of one of the posts even claimed to have connections inside the Russian Traffic Police Department and to be able to issue driving licenses of all categories.
The convenience of Telegram channels allows for threat actors and those aiming to take part in cybercrimes to communicate in a more secure and easily accessible manner. Although messaging applications have become an integral part of modern life and improved over the years to ensure the security of their user’s information, they are also being taken advantage of by those fleeing from prying eyes, and the law – putting personal and financial information at risk.