Ransomware operators, malware developers and other criminals are shifting their activity from the dark web to Telegram channels. This is reported by Bleeping Computer, citing a report from Flare’s DRPS-platform.
Experts note that cybercriminals are increasingly shunning Tor sites due to their slowness and heightened attention from law enforcement.
Moreover, traditional darknet marketplaces operate as a clearinghouse, holding transactions for 14 days to prevent fraud.
“Marketplace owners can store millions of dollars in cryptocurrencies [which carries the risk of] an exit scam,” Flare noted.
Telegram, by contrast, offers a number of advantages for cybercriminals, including speed, ease of finding information, and a large user base.
The messenger provides the necessary level of anonymity, as it does not track IP addresses and enables private chats.
Typically, Telegram channels linked to criminals specialise in a single type of activity, unlike darknet marketplaces. Some of them operate on a premium basis, selling monthly access to the information posted there for $200-400 in Monero.
The messenger also enables hackers to band together to organise joint attacks on a company or critical infrastructure.
In the second quarter of 2022, Positive Technologies specialists recorded a twofold growth of the market for illicit cyber services on Telegram.