Cybercriminals abuse Telegram by making it an alternative to the dark web

February 15, 2022

Telegram, a popular communication app, has become an alternative to the dark web as a forum for cybercriminals. Threat groups have been seen exploiting the platform to operate underground channels for selling or trading stolen financial data with other cybercriminals.

Security researchers showed that compromised cards from the most prominent financial institutions are profitable for Telegram-based underground stores and traders. Some of the identified compromised cards belong to financial entities such as Wells Fargo, Bank of America, Chase Bank, Visa, Mastercard, and Western Union.

The compromised cards offered on Telegram come in two forms, just as they do in dark web markets. The first form includes CVV or CVV2 data, and the other contains dumps such as the account number, critical information, and the cardholder’s name.

Threat actors can also gather the dumps to develop an identical physical clone of a compromised card that enables them to make a physical purchase using the phoney card.

Observations showed that the cards’ prices range from $15 to $1500, depending on how up to date the data stored in the cards is and on their fund balance.

Aside from being a place where actors actively exchange compromised cards, Telegram is also a channel for spreading malware.

A new malware strain called the Echelon info stealer also abused Telegram as a propagation hive in an attempt to exfiltrate crypto wallets from several users.

Furthermore, a couple of months ago, the threat actors behind the RedLine stealer were found operating their malware through an exploited Telegram service to steal a ton of credentials from VPN, FTP, cookies, crypto wallets, browsers, and more.

Telegram has been a haven for threat actors for quite some time now. Cybercrime incidents on the platform are thriving as more threat actors opt to carry out their hostile acts there.

Telegram should ensure that it does not become an attack vector for illegal acts such as online fraud, hacking, extortion, and other malicious activities, given that about half a billion active users could be affected.
