A recent analysis has revealed a significant increase in cybercriminal activity on Telegram, with a 53 per cent rise in illicit posts observed from May to June 2024 compared to the same period last year.
This growth points to the growing trend of cybercriminals using Telegram as a platform for underground market activities. Cybercriminals are actively utilising Telegram channels and groups to discuss fraudulent schemes, distribute leaked databases, and trade various illegal services, such as cashing out, document forgery, and DDoS attacks as a service.
According to Kaspersky analysis, the growing appeal of Telegram to the cybercriminal community is driven by several factors. The platform’s popularity, which has 900 million monthly users as per Pavel Durov, is a significant draw.
“Secondly, it (Telegram) is marketed as the most secure and independent messenger that does not collect any user data, giving threat actors a sense of security and impunity. Moreover, finding or creating a community on Telegram is relatively easy, which, combined with other factors, allows various channels, including cybercriminal ones, to gather an audience quickly,” said Alexey Bannikov, analyst at Kaspersky Digital Footprint Intelligence.
Cybercriminals on Telegram typically show lower levels of technical skill and knowledge compared to those on more exclusive dark web forums. This is because joining the Telegram shadow community is relatively easy—anyone with harmful intentions can create an account and connect with criminal sources. Additionally, the analysis found that unlike dark web forums, Telegram does not have a reputation system, making it a haven for scammers who frequently trick other members of the criminal community.
