Amid rising concerns about the security of Telegram's operations, a new study conducted by Kaspersky found that cybercriminal activity on the platform surged by 53 percent from May to June this year, compared to the same period in 2023.
In a recent press statement, Kaspersky noted that cybercriminals are increasingly using Telegram as a platform for underground market activities.
Cybercriminals Using Telegram
According to the report, cybercriminals are actively operating channels and groups on Telegram dedicated to discussing fraud schemes, distributing leaked databases, and trading various criminal services, such as cashing out, forging documents, DDoS attacks as a service, and more.
"The growing interest in Telegram from the cybercriminal community is driven by several key factors. Firstly, this messenger is very popular in general – its audience has reached 900 million monthly users, according to Pavel Durov. Secondly, it is marketed as the most secure and independent messenger that does not collect any user data, giving threat actors a sense of security and impunity," said Alexey Bannikov, an analyst at Kaspersky Digital Footprint Intelligence.
Bannikov added: "Moreover, finding or creating a community on Telegram is relatively easy, which, combined with other factors, allows various channels, including cybercriminal ones, to gather an audience quickly."
Cybercriminals on Telegram Have Less Technical Knowledge
The report further pointed out that cybercriminals operating on Telegram generally demonstrate less technical sophistication and expertise compared to those found on more restricted and specialized dark web forums.
This is due to the low barrier to entry into the Telegram shadow community: someone with malicious purposes simply needs to create an account and subscribe to the criminal sources they can find, and they are already part of this criminal community.
Kaspersky also warned that there are many scammers in Telegram's cybercriminal space who tend to deceive their fellow community members.
"Due to its extensive user base and rapid content distribution through Telegram channels, hacktivists find the platform a convenient tool to incite DDoS attacks and other disruptive methods against targeted infrastructures. Additionally, they can release stolen data from attacked organizations into the public domain using shadow channels," added Bannikov.