The encrypted messaging app Telegram has become a veritable marketplace for bad actors who want to launch effective phishing campaigns on the cheap, essentially democratizing the cyberthreat, according to researchers at cybersecurity firm Guardio.
Where once the various parts that make up a phishing attack - the kits, infrastructure, and expertise - could be had on invite-only forums on the dark web after navigating through various Tor Onion networks, now they can be easily found through simple searches on Telegram.
It's part of a larger trend in the cybercrime landscape of ransomware, distributed denial-of-service, and other threats as a service, with threat groups offering their tools for sale or rent to affiliates who take the lion's share of the ill-gotten gains.
As-a-service cybercrime enables even low-skilled hackers to access the tools necessary for launching relatively sophisticated campaigns.
In this case, Telegram becomes the place where anyone can shop for the phishing tools they need, according to the Guardio researchers.
Telegram has been downloaded more than 1 billion times, with more than 464 million downloads last year.
It has more than 800 million monthly users, so its reach is massive.
What Guardio found was that this massive network is also an increasingly popular shopping site for everything a cybercriminal could want.
Other cybersecurity vendors have seen the migration of tools for phishing and other threats to Telegram.
Kaspersky researchers in a report last year wrote about how the messaging tool has become popular for phishing among bad actors.
Analysts with cybersecurity company ESET last year wrote about hackers using a new toolkit, dubbed Telekopye, that operates as a Telegram bot that helps scammers run phishing campaigns, including writing phishing emails and text messages.
Aura, whose app offers online protection for devices, outlined almost a dozen Telegram app scams, including phishing.
In their report, the Guardio researchers focused on what they could find for phishing attacks.
For as little as $230, they were able to pull together a malicious campaign from what's available on Telegram.
All the building blocks - phishing web page creation, ways to host the operation, an email sending system, message writing, finding valid and relevant email addresses to target, and ways to monetize the credentials stolen in the campaign - were available on Telegram, all offered at a low price or for free.
There are multiple options to choose from for hosting, for sending phishing emails - like hacked credentials and backdoor mailers - for data to find email addresses and phone numbers to target, and for making money from what's been compromised and stolen.
The logs aren't expensive: social media account credentials can be bought for as little as a dollar, though banking accounts and credit can go for hundreds of dollars.
Zaytsev and Tal also noted that phishing campaign tools often come from legitimate websites, services, or accounts that are compromised.
This Cyber News was published on securityboulevard.com. Publication date: Thu, 01 Feb 2024 18:43:05 +0000