Telegram's Role in 'Democratization' of Cybercrime Unveiled by Guardio Labs

Telegram is no longer a secure messaging platform.

In a recent cybersecurity report, Guardio Labs researchers Oleg Zaytsev and Nati Tal exposed the concerning trend of the "democratization" of the phishing ecosystem, pinpointing Telegram as a central hub for cybercriminal activities.

Telegram, once considered a secure messaging app, has transformed into a dark and well-organized supply chain where experienced cybercriminals and novices exchange illicit tools and insights. According to The Hacker News, the platform facilitates the exchange of free samples, tutorials, and kits, and even provides access to hackers-for-hire, offering all the elements necessary for constructing comprehensive malicious campaigns. The researchers reveal that threat actors can now organize mass phishing attacks for as little as $230.

This photo taken on March 23, 2022 shows the mobile messaging and call service Telegram logo on a smartphone screen in Moscow. Photo by -/AFP via Getty Images

This is not the first time Telegram has come under scrutiny for enabling malicious activities. The platform's lenient moderation efforts have allowed what was once confined to invite-only forums on the dark web to become readily accessible through public channels and groups, exposing aspiring cybercriminals to the world of cybercrime.

Beware of Telekopye in Telegram Marketplaces

Kaspersky's April 2023 findings highlighted how phishers use Telegram to educate newcomers about phishing and to advertise bots capable of automating the creation of phishing pages that harvest sensitive information such as login credentials.

Among these threats, Guardio Labs points out the malicious Telegram bot, Telekopye (aka Classiscam), which specializes in crafting fraudulent web pages, emails, and SMS messages for large-scale phishing scams.

Guardio Labs emphasizes the ease with which building blocks for phishing campaigns can be procured on Telegram at varying prices, including some offered for free. This accessibility enables the setup of scam pages through phishing kits, hosted on compromised WordPress websites via web shells, and the use of backdoor mailers to send deceptive emails.

To amplify the success of these campaigns, digital marketplaces on Telegram offer "letters," expertly designed templates that lend authenticity to phishing emails. The platform also serves as a repository for bulk datasets known as "leads," containing valid email addresses and phone numbers, sometimes enriched with personal information.

In November, a News18 report revealed the deployment of Telekopye by scammers and hackers for large-scale phishing scams. The hackers employed various strategies, such as creating additional photos for nonexistent items and meticulous planning based on target characteristics, to enhance the success of their scams.

Vigilance Against Cyberattacks Strongly Urged

Guardio warns that site owners have a dual responsibility to protect their business interests and prevent their platforms from unwittingly hosting phishing operations and other illicit activities.

The report concludes that, unfortunately, with a small investment, anyone can initiate a significant phishing operation, irrespective of prior knowledge or connections in the criminal underworld.

Social media account credentials can be sold for as little as a dollar, while banking accounts and credit cards could fetch hundreds of dollars based on their validity and funds.

Experts emphasize that cybersecurity protection extends beyond human conduct. A key technological safeguard that users and companies can implement is multifactor authentication (MFA), which protects against online attacks. According to a Forbes article, MFA adds security layers to a login and password, such as a supplementary one-time password sent via SMS, a physical token, or a biometric ID.

However, even with strong two-factor authentication, people may mistakenly provide additional authentication data, especially in response to compelling phishing emails. Thus, "trust but verify" must be reinforced. Moreover, anti-phishing training should address fake emails that induce workers to break from conventional practices, even when they appear to come from reputable sources.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.