Modern phishing operations facilitated by Telegram

Popular instant messaging service Telegram has become a haven for cybercriminals and other threat actors looking to conduct phishing attacks due to the widespread availability of malicious tools and hackers-for-hire services across the platform, according to The Hacker News. Attackers could spend little to nothing in availing phishing kits, web shells, and backdoor mailers from digital marketplaces on Telegram, a report from Guardio Labs revealed. Such marketplaces also include massive datasets including phone numbers, email addresses, and sometimes even names and home addresses, which could be leveraged for tailored attack targeting. Threat actors have also been using Telegram to peddle stolen social media account credentials, credit cards, and banking accounts. "This situation highlights a dual responsibility for site owners. They must safeguard not only their business interests but also protect against their platforms being used by scammers for hosting phishing operations, sending deceptive emails, and conducting other illicit activities, all unbeknownst to them," said researchers.