The malicious use of Telegram is not surprising as the platform has been referred to as the “New Dark Web” in a previous report.
Cybersecurity experts at Kaspersky have identified a new trend in phishing techniques, with threat actors increasingly utilizing Telegram to automate their activities and provide various services.
In a recent advisory, Kaspersky web content analyst Olga Svistunova revealed that phishers create Telegram channels to educate their audience about phishing and share links to these channels via YouTube, GitHub, and phishing kits. Many of these channels offer tools to automate malicious workflows, such as generating phishing pages or collecting user data.
While the phishing kits used in these campaigns are relatively basic, typically consisting of a script that captures user credentials and forwards them to a bot, Svistunova noted that they are still effective. For example, victims clicking on links promising incentives like 1000 likes on TikTok may be presented with a convincing login form that resembles the real thing.