Despite its promise of privacy and security, Telegram has become a hub for malicious hackers and leak groups. This is because the app offers a lower barrier to entry than the dark web and allows hackers to reach a large audience quickly.
Hackers share their exploits via dedicated Telegram channels. These channels explain the leaks in a way that is easy for everyone to understand.
The Data Leak
Although the encrypted messaging platform Telegram boasts an impressive user base, it remains prone to misuse by malicious actors. The app’s openness and ease of file sharing have prompted threat actors to use it as a means of distributing hacking tools and malware. This is often accomplished by distributing malware-infected APK files that can carry Trojans, ransomware, and other harmful payloads.
While some of these nefarious tools are easy to spot with the help of security software, others utilize sophisticated obfuscation techniques. Marshal encoding is used to hide the true nature of these nefarious scripts, enabling them to evade detection by conventional security solutions. Fortunately, users can safeguard against such stealthy threats by fostering cybersecurity awareness and employing robust protection measures.
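As an added example (not from the original article), and assuming "Marshal encoding" here refers to Python's `marshal` module, the scanner below statically flags scripts that pass a marshal-decoded object to `exec` or `eval`. It parses the file without running it; the `WRAPPERS` list and the `SAMPLE` input are constructed for illustration.

```python
import ast
SINKS = {"exec", "eval"}
# Decoders often layered around the payload (list chosen for this example).
WRAPPERS = {"zlib.decompress", "base64.b64decode", "bz2.decompress", "lzma.decompress"}

def dotted(node):  # 'a.b' for a Name/Attribute chain, else None
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def call_names(node, aliases):  # qualified names of all calls in a subtree
    out = []
    for n in ast.walk(node):
        name = dotted(n.func) if isinstance(n, ast.Call) else None
        if name:
            head, _, rest = name.partition(".")
            out.append(aliases.get(head, head) + ("." + rest if rest else ""))
    return out

def scan(source):
    """Return [(line, sink, wrapper_layers)]; the source is parsed, never executed."""
    tree = ast.parse(source)
    aliases, tainted, findings = {}, {}, []
    for n in ast.walk(tree):                      # pass 1: import aliases
        if isinstance(n, ast.Import):
            aliases.update({a.asname or a.name: a.name for a in n.names})
        elif isinstance(n, ast.ImportFrom) and n.module:
            aliases.update({a.asname or a.name: f"{n.module}.{a.name}" for a in n.names})
    for n in ast.walk(tree):                      # pass 2: names bound to marshal.loads(...)
        names = call_names(n.value, aliases) if isinstance(n, ast.Assign) else []
        if "marshal.loads" in names:
            tainted.update({t.id: names for t in n.targets if isinstance(t, ast.Name)})
    for n in ast.walk(tree):                      # pass 3: exec/eval fed by marshal data
        if isinstance(n, ast.Call) and dotted(n.func) in SINKS and n.args:
            used = [x.id for x in ast.walk(n.args[0]) if isinstance(x, ast.Name)]
            names = call_names(n.args[0], aliases) + [c for u in used for c in tainted.get(u, [])]
            if "marshal.loads" in names:
                findings.append((n.lineno, dotted(n.func), sorted(set(names) & WRAPPERS)))
    return findings

# Constructed sample: the byte strings are inert placeholders, not real payloads.
SAMPLE = '''import marshal as m, zlib, base64
exec(m.loads(zlib.decompress(base64.b64decode(b"Y29uc3RydWN0ZWQ="))))
from marshal import loads
code = loads(b"constructed-placeholder")
eval(code)
'''
```

Name resolution here covers ordinary imports and simple assignments only, so a hit is a triage signal for closer inspection and a miss is not proof that a script is clean.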
In the wake of a recent data leak, Minneapolis Public Schools has canceled its contracts with a social media-monitoring company after it emerged that the private information of 2.28 million people had been compromised. The hackers responsible for the breach have released the information in a torrent of files on the Dark Web. The cache includes everything from descriptions of students’ behavioral problems to teachers’ Social Security numbers.
It’s not Telegram’s first brush with privacy issues. In August 2019, a bug found in the app’s group chat feature exposed the phone numbers of thousands of pro-democracy protesters in Hong Kong. The bug exploited Telegram’s contact import feature to expose members’ phone numbers, even if they had chosen to keep them private.
Telegram’s Privacy Issues
The app touts its security features as one of its main selling points, but those safety measures aren’t always set up by default. Users have to enable them manually, whereas competitors like Signal apply them automatically to all chats. In addition, Telegram’s encryption is not end-to-end (E2EE) by default, meaning that messages could be hacked and read by authorities.
The service also has an inconsistent approach to content moderation. Many viral Telegram groups allow members to share offensive and hateful content that would normally be banned on other online platforms. Durov has admitted that these groups are a “threat to society”, but has said that the company is “too hands-off”.
Another issue is how quickly Telegram allows criminals to create channels and groups on the platform. This gives them a way to communicate with members and distribute their malware without the risk of being caught by online scanners or security tools.
While the company does try to shut down these groups, they can often stay open for months. Moreover, some administrators will create a ‘backup’ group that is open to new members and pinned to the top of the list so that they can continue their operations once the original group is closed down. This is a major problem that the company needs to address urgently.
The Impact of the Leak
In addition to its widespread use by terrorists, extremists, child pornographers, and conspiracy theorists, Telegram is also used as a platform for sharing hacking tools, tutorials, and stolen data. These channels lower the barrier to entry for cybercriminals, making it possible for even those with limited computer literacy to pursue online fraud and hacking.
As a result, criminals are using Telegram to sell credit card details and bank account logins, which can yield high payouts. Police raided a channel on Telegram that posted and sold obscene content, and arrested four men responsible for running it.
Unfortunately, Telegram’s approach to shutting down these groups is inconsistent. While they have closed groups that share copyrighted material, it takes months for them to act on other issues, including groups that publicly post private information about millions of users.
This is an issue that requires immediate attention from the company. As a matter of urgency, Telegram needs to make it harder for threat actors to access and use its hosted channels for malicious purposes. For example, it should allow group admins to modify the display settings so that members’ usernames aren’t visible to everyone. In addition, it should add an option that allows users to turn groups into supergroups, which are hidden from public view. This will go a long way in improving security and protecting users’ privacy.
A group of hackers and cybercriminals is using Telegram to share, sell and distribute hacking tools and data leaks. The growth of this trend is due to the ease with which channels and groups can be created on the platform. Unlike dark web forums, which can take days to set up, creating a group on Telegram takes seconds.
Last month, a hacker using the name Lab Dookhtegam published a series of leaks on Telegram and the dark web. These leaked files contained information that was claimed to come from the operations of Iran’s MuddyWater APT (APT = advanced persistent threat). This isn’t the first time such a leak has occurred. Last year, a similar leak was released by a hacker named x0rz.
Additionally, Check Point Research has observed multiple hacker groups on Telegram, Signal and the dark web attempting to help anti-government protestors in Iran bypass regime restrictions. Among other things, these hacker groups share open VPN servers to bypass censorship, reports on Internet status, maps of sensitive locations, and more.
Furthermore, hacker group Kelvin Security uses Telegram to promote its hacking actions and share leaks related to the military, government agencies, management, aviation, casinos & gaming, communications, energy, and more. The group also works with a network of dropshipping stores, which are online retailers that don’t actually stock the products they sell but instead act as middlemen connecting a consumer trying to buy a product with a seller who has access to it.