‘Secure’ app Telegram is fast becoming a haven for hackers

Experts warn that cybercriminals are using Telegram, a messaging app that is not quite so secure, to distribute stolen data.
21 September 2021

Telegram is turning into a hackers’ hotspot. Here’s why. (Photo by Yuri KADOBNOV / AFP)

  • Security firm Cyberint and the Financial Times noticed a sharp uptick in activity involving hackers on Telegram channels, some of which have tens of thousands of members
  • Cybercriminals are using the Telegram platform to peddle stolen data and hacking tools, and to share info on recent data leaks that could enable future attacks

When any platform surpasses a certain level of popularity, bad cyber behavior will lurk there, even on services that claim privacy and security as their mantras. Telegram, the popular and purportedly secure messaging app, has over 500 million monthly active users. The unfortunate truth, however, might be that Telegram is not as secure as the company’s marketing campaigns might lead some to believe. The messaging platform has been a playground for hackers, new research has found.

Over the years, Telegram has gradually been touted as a secure alternative to the popular free chat app WhatsApp. The company has been criticized in the past for reportedly doing the bare minimum to curtail revenge pornography or counterfeit vaccination cards. To make matters worse, the new study found that Telegram is an attractive home for the internet’s more shadowy denizens.

Recent research by security firm Cyberint, in collaboration with the Financial Times, highlighted a sharp uptick in cybercriminal activity on Telegram channels, some of which have tens of thousands of members. The cybersecurity firm found that hackers are selling and sharing information concerning data leaks on Telegram because it’s easy to use and not heavily moderated.

Telegram, the easy-access dark web?

Usually, such data dumps belong within the domain of the so-called “dark web” — a version of the internet that can only be accessed using specialized browsers like Tor, and encrypted logins. Hackers find the dark web appealing because it lives in a corner of the deep web that is locked down against outside observers and intrusion.

All those barriers come with a price, since not just anyone can access the dark web. That’s where Telegram fits into the picture. It’s easy to download the app and set up an account. The service’s “secret” chats use end-to-end encryption for added privacy.

And while group chats don’t have the same protection, you still need a link or invite to get in. Telegram also allows for massive group chats of up to 200,000 users. Such features have prompted what Cyberint threat analyst Tal Samra called a more than “100% rise” in Telegram usage among hackers. “Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data, as it is more convenient to use than the dark web,” he said.

What is the Telegram appeal to hackers?

According to the study, the burst of Telegram adoption was prompted by recent changes at one of the app’s competitors, the Facebook-owned WhatsApp. Telegram and WhatsApp are both popular destinations for those seeking more privacy in their digital communications (the two platforms offer at least some form of end-to-end chat encryption), but the latter’s new, if beleaguered, privacy policy has made the platform somewhat less appealing for users with questionable intentions.

The research arm also found that mentions of certain terms hackers use when they’re hawking stolen emails and passwords “rose four-fold” between 2020 and 2021. The FT story also mentions a (since-removed) public channel called “combolist”, itself a reference to hacker terminology, where data dumps were sold or shared.

The channel had around 47,000 users when Telegram shut it down, a move that only happened after the FT inquired about its existence. The Cyberint study further found a marketplace on Telegram for financial data, personal documents, malware and hacking guides, along with access to online account credentials.

To top it off, the dark web itself is feeding Telegram’s growth, Cyberint found. The company’s researchers noticed a massive spike in links to Telegram destinations being shared on dark web forums over the past year, rising from just over 172,000 in 2020 to more than one million this year.

The research findings put Telegram in a tenuous position, and the platform has yet to respond to the reports. With growing signs that the company is looking to bring in new money and eventually go public, one wonders how much longer its reportedly lax moderation standards will be allowed to stand.