Amid concerns about Telegram’s security, a new report by Kaspersky Digital Footprint Intelligence reveals a troubling trend: cybercriminals are increasingly using Telegram for underground market activities.
The report found that cybercriminals are actively using Telegram channels and groups to discuss fraud schemes, distribute leaked databases, and trade various criminal services. This includes cashing out stolen money, forging documents, and launching DDoS attacks. According to Kaspersky’s data, the volume of such posts surged by 53% in the last two months compared to the same period last year.
Several factors are driving this growth in criminal activity on Telegram. First, the messaging app boasts a massive user base of 900 million monthly users. Second, Telegram is marketed as a secure and private platform that doesn’t collect user data, giving criminals a false sense of security. Additionally, finding or creating a Telegram community is relatively easy, allowing criminal channels to quickly gather an audience.
While the barrier to entry is lower on Telegram compared to restricted dark web forums, there is a trade-off. Cybercriminals on Telegram tend to be less sophisticated overall. However, this is offset by the ease of finding and joining criminal communities. Telegram also lacks a reputation system, which is common on dark web forums, making it easier for scammers to deceive others within the platform.
Beyond criminal activity, Telegram has also emerged as a platform for hacktivists. Hacktivists leverage Telegram’s large user base and rapid content distribution to incite DDoS attacks and other disruptive actions against targeted organizations. Stolen data can also be released to the public through Telegram’s shadow channels.