Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
Telegram: The New Hub for Cybercrime 🚨
According to a detailed analysis by the research firm CYFIRMA, Telegram has transformed into the primary “office” for hackers, effectively moving the shady dealings of the old Dark Web into a much faster and easier-to-reach space. Previously, if you wanted to buy stolen data, you had to access the Tor network, which has been a constant target for police. CYFIRMA’s latest research suggests that Telegram has fixed that problem for hackers.
Groups like IndoHaxSec now use it as a backup system. If their main channel gets banned, they simply point their followers to a new one. This resilience makes it almost impossible for authorities to fully pull the plug.
A Fully Automated Shopping Mall for Crime 🛒
The Telegram app is a fully automated shopping mall for crime because hackers now use bots (programmed scripts) to do the heavy lifting. Brokers sell direct entry into big companies, showing live proof, like screenshots of a company’s VPN portal or their private Azure and AWS cloud dashboards. Additionally, cybercriminals can buy a subscription to viruses; these tools, like stealers and loaders, are updated regularly just like legitimate software. Log Clouds are also traded: these are massive, searchable databases of stealer logs, which are collections of usernames and passwords harvested from infected computers worldwide.
Ransomware groups use public channels to bully companies by posting leak countdowns and samples of private files to force a payout.
The Role of Telegram in Cybercrime 🌐
For financially motivated actors, Telegram functions as a scalable storefront and customer support hub. For hacktivists, it serves as a mobilization and propaganda amplifier. For state-aligned operations, it offers a rapid distribution channel for narratives and leaks. In many cases, Telegram complements and increasingly replaces traditional Tor-based ecosystems by removing technical friction while maintaining operational flexibility.
Researchers noted that groups like NoName057 and the Cyber Fattah team use the app to rally digital soldiers. They announce targets for DDoS attacks, where they flood a website with so much junk traffic that it crashes, and then brag about the results instantly.
Increased Cooperation with Law Enforcement 🚔
Telegram has reported a major rise in the amount of user data it shares with law enforcement agencies worldwide. The platform provided identifying information such as phone numbers and IP addresses to authorities hundreds of times in 2024. In the United States alone, Telegram fulfilled around 900 law-enforcement requests affecting more than 2,200 users. UK authorities received data on 142 cases affecting 293 users, a sharp jump from earlier reporting periods, which showed only single-digit requests.
Despite this increased cooperation with investigators, cybercriminal activity on Telegram continues to expand. This suggests that while data sharing may help investigators track suspects after incidents occur, it has not significantly slowed the growth of cybercrime communities operating on the platform. This research is highly concerning because it shows that Telegram has made cybercrime much more professional and accessible, turning a once-hidden underground world into a high-speed, automated industry.