Telegram, the popular messaging app known for its end-to-end encryption and privacy features, is the preferred a hub for cybercriminals to offer their services to other criminals. Now, phishing as a service is emerging as the latest cybercrime trend on Telegram.
Cybercriminals are using Telegram as a platform to offer phishing as a service scheme to their peers, according to a report published by cybersecurity company Kaspersky Lab.
These phishing as a service schemes are being offered as a subscription-based model, creating a cybercrime trend where the users can pay for access to phishing tools and services, researchers found.
These channels and groups have become a popular way for cybercriminals to connect with each other and offer their services, establishing it among as a new cybercrime trend.
“Over the last six months, we have detected 2.5 million pages generated with phishing kits,” said the report.
Phishing as a service
“In addition to one-time sales of phishing kits and user data, scammers use Telegram channels to sell a range of subscriptions with customer support included,” said the report.
“Support includes providing updates on a regular basis for the phishing tools, anti-detection systems and links generated by the phishing kits.”
According to Kaspersky researchers, the phishing as a service offers being made on Telegram are highly sophisticated and are designed to target individuals and businesses alike.
These services include phishing kits, fake websites, and email templates, all of which are designed to deceive users into providing sensitive information.
One of the services offered by cybercriminals is an OTP (one-time password) bot, which can be subscribed to on a weekly or monthly basis.
Many organizations enforce a two-factor authentication (2FA) requirement these days, which makes it impossible to hijack an account with just the login and password. Phishers use OTP bots to try and hack 2FA.
The bots call users, posing as the organization maintaining the account that the phishers are trying to hack, and convince them to enter a 2FA code on their phones. The calls are fully automated. The bot then enters the code in a required field, giving the phisher access to the account.
“According to a bot vendor we talked to, a weekly subscription with unlimited calls will set a beginning scammer back $130, while a monthly subscription including bot customization costs as much as $500,” said the report.
Another OTP bot is offered on a pay-per-minute, prepaid basis. Rates start at $0.15 per minute depending on the destination.
The bot can record calls and store settings, such as the victim’s phone number, name, and account details.
“A customer who shares this information with the bot creators, along with a screenshot showing the victim’s account number, balance and other details, may be rewarded with a small amount added to their OTP bot balance: $5 for two units of information and $10 for three or more.”
Telegram, cybercriminals, and cybercrime trends
The ongoing Russian invasion of Ukraine saw hacktivists and cybercriminals massively using Telegram for their activities and agenda.
Cybersecurity firm Check Point has assessed that the number of groups on the messaging app has surged six times its number since the onset of the conflict in February 2022.
The report further notes that several of these groups, which are dedicated to specific topics, have experienced significant growth, with over 250,000 members in some cases.
The combination of simplicity and security has made Telegram an ideal communications platform for attackers, allowing them to communicate individually or in groups, and transfer large data files, noted cybersecurity firm Intel 471.
In addition, Telegram enables users to create specialized channels for interests that are not commonly found on traditional cyber underground forums, allowing threat actors to conduct criminal operations by joining groups and channels that align with their interests and objectives.
“Of the cybercriminal groups Intel 471 has observed, Telegram is considered the preferred method of anonymous communication as opposed to in-forum messaging services monitored by administrators,” said the Intel 471 report.
In addition, Telegram enables threat actors to avoid the requirement of using a web host or domain service, which could make them susceptible to distributed denial-of-service (DDoS) attacks, the report added.
