Sunday, June 15, 2025
Homecyber securityTelegram Increasingly Abused For Selling Stolen Financial Details

Telegram Increasingly Abused For Selling Stolen Financial Details

Published on

SIEM as a Service

Follow Us on Google News

The cybercriminals are actively abusing the Telegram messenger for setting up underground channels and selling stolen financial details on them and also executing their other illicit activities as well.

Why are threat actors abusing Telegram instant messaging service? 

They did so due to its features and user base, as Telegram has an active user base of more than 500 million, and not only it also offers end-to-end encryption communication to its users.

- Advertisement - Google News

While apart from this, here we have mentioned other six key reasons due to which the threat actors find Telegram as one of the most lucrative selection to promote their malicious activities:-

  • The approach of loose moderation.
  • Only censoring extremist content.
  • Easier to set up a Telegram channel.
  • Easier to promote and draw a wider audience.
  • Telegram channels are more volatile and short-lived.
  • Telegram channels are harder to track.

An Abiding Trouble

In a recently published report, the cyber security experts at Cybersixgill have justified the data that they have collected throughout the following years:- 

  • 2020
  • 2021

As they have claimed there is a tremendous drop in the sale volume of financial accounts in Telegram, but, it doesn’t mean that it’s an end, so, it still remains a stable issue.

During the analysis, the bot spam was filtered and mainly targeted the focus on the high-quality data in which several keywords were identified that are related to:-

  • Financial account sales.
  • Money laundering.

Here, as compared to the report of 2020 the stark nosedive of 60% is the prevailing reduction of newly-issued credit cards that are issued during the pandemic.

Here’s what Cybersixgill’s analysts stated:-

“This stark nosedive in the discourse surrounding compromised accounts from 2020 to 2021 might seem remarkable, but it is not an isolated event; a parallel decrease was also identified in the total number of compromised credit cards sold on underground markets throughout the same period.”

Moreover, among all the mediums the threat actors have actively abused the services of PayPal that is followed by Chase and Western Union, as in the graph below you can see.

The attackers targeted and abused PayPal most due to its two key features:-

  • The direct way to drain funds from other people.
  • Easy to make online purchases.

Most of the compromised accounts were used by the buyers for purchasing cryptocurrencies, and they are hard-to-trace which makes the execution of money laundering easier for the threat actors.

Credit Cards and Bank Logs

On Telegram channels at a smaller volume, credit cards are also offered by the threat actors. And price range varies between $10 to $1,500 for a single card, all these depend on the following points:-

  • Bank account balance.
  • The freshness of the data. 

All the stolen and compromised cards that are sold belong to the following services mainly:-

  • Chase Bank
  • Bank of America
  • Wells Fargo
  • Western Union
  • Visa
  • Mastercard

While apart from this, along with stolen credit cards, the attackers also sell compromised dank credentials, which are termed as “Logs” on the dark web.

On Telegram channels, all these are just a tiny part of the activities executed by the threat actors since Telegram offers several easy-to-use features and hard-to-trace anonymity which make this platform more vicious.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...