April 14, 2024
Yes, Telegram is a very serious threat to your phone

If you have Telegram installed on your phone, there are security and privacy risks you need to understand. But a new report warns of an even more dangerous threat to your phone from messaging apps, and the threat is about to get worse.

There is nothing like Telegram. A messaging platform that you can use with your friends and colleagues, but which is also notorious for use by criminals and terrorists, and which has almost become an easy-to-access version of the dark web.

That’s certainly the conclusion of a new report from the Guardio this week. This messaging app,” they warn, “has transformed into a bustling hub where experienced cybercriminals and newcomers alike exchange illicit tools and insights and mine a wealth of tools and victims’ data. Create a dark and well-oiled supply chain. Free samples, tutorials, kits, even hackers for hire—everything needed to create a complete end-to-end malicious campaign.”

Guardio researched the availability of so-called phishing kits on Telegram, which were used to attack phones and PCs. He says the phishing ecosystem has been democratized. “There was a time when kits, infrastructure and information were only available on invite-only forums in the dark web, hidden behind the Tor Onion network. Today, they are easily and publicly available on Telegram – accessible through a simple search.

If you ever wonder why your email is filled with fake mails coming from your bank or service provider, this is the reason.

Telegram has definitely gone mainstream. Its press team says it is one of the five most downloaded apps in the world, with approximately 700 million active monthly users. “Telegram is committed to protecting user privacy and human rights such as freedom of speech and assembly. It has played a major role in pro-democracy movements around the world, including in Iran, Russia, Belarus, Myanmar and Hong Kong.

Contrast this with its darker side. Telegram has become an everyday storefront for build-your-own attacks that are launched at people using the messaging platform as if it were just a normal application.

Telegram has always had a healthy fan base, even if it is somewhat outside the mainstream. But then in early 2021, WhatsApp faced some problems on Facebook and Telegram installs increased. For a while after that it seemed like everyone was jumping ship.

Putting aside its dark web credentials, the irony with Telegram is that while it touts its security and privacy credentials, it is actually not as secure as WhatsApp. There is no default end-to-end encryption, your message content is protected by policy, not technology. And in a world where Google Messages and even Facebook Messenger are now end-to-end encrypted by default, this discrepancy is hard to see.

But although this may be a threat to your privacy, it is not a threat to your phone. On the other hand, there is definitely malware for rental or purchase. Mobile phishing is on the rise, given the glued-to-hand nature of our devices, the rise of remote and hybrid working, and – critically – phishing is much easier on mobile.

More from ForbesGoogle issues sudden update warning to Samsung Galaxy users

As Lookout explains, “Mobile is an unsafe blind spot – mobile devices present a fundamentally different environment from laptops or desktops. They can give a significant edge to attackers who use small screens, simplified interfaces and hidden URLs to their advantage. This, combined with our natural tendency to immediately tap on anything that comes across our smartphone or tablet screen, gives phishing attacks a greater chance of success.

And so for Telegram, Guardio describes the ease by which “anyone can stumble across… public channels, groups, and bots bustling with thousands of participants… offering various products and services, tips and tricks… , and display knowledge you once had to dig deeper” Getting even close to the dark web is shocking.

For example, they easily found “a phishing campaign targeting millions of Facebook business accounts”… This campaign used Telegram channels to offer hijacked social accounts of victims targeted by phishing and malware. There are credentials and session cookies on sale – many of them fresh from the oven, having been hacked and stolen a few hours or even minutes ago, and already available for sale.

Kaspersky reported on the same Telegram issue last year, warning that “ordinary users are not the only ones who have recognized the messaging app’s useful features – cybercrooks have already made it an offshoot of the dark web… Phishers create Telegram channels through which they provide information about themselves.” Tell the audience about phishing and ‘What kind of personal data do you want?’ Entertain customers with surveys like

Guardio’s report describes the ease with which potential cybercriminals can set up a phishing webpage, arrange for its hosting, and even send emails that appear to be linked to their scam. “Our efforts will soon start bearing fruit,” he said. “Victims fall into the trap by clicking on the link and some even proceed to log into the fraudulent bank site – our scampage. “Once they do, their bank accounts are at risk.”

This is not just criminality on Telegram. It is known for featuring some of the darkest content in the Middle East, such as Hamas terror channels. There were reports that the platform had restricted access to this content, although this did not appear to be the case.

In fact, the platform has been notorious since the beginning for shielding illegal content from the authorities while playing up its anti-establishment role. What has changed is its drive for legitimacy, which has included waging a social media battle with WhatsApp over which platform is more secure.

So, let’s be very clear. It doesn’t matter that WhatsApp is owned by Meta. The content you send is end-to-end encrypted and you can be confident in its security and stability. If you’re concerned that metadata detailing your location and contact lists may be tracked, perhaps even who you messaged and when, use Signal.

As Kaspersky warned last year, “Telegram’s developers consider their product to be safe and secure. But in practice this is not entirely true. The reality is that Telegram has a number of quirks that make it a little difficult to keep your messages secure… Some questionable features in both the messenger’s interface and general logic make it less secure than commonly believed.

In reality, Telegram fails to offer an attractive messaging option, as it still does not offer the usual default end-to-end encryption. And its ever more hidden, darker side is now so close to the surface, my advice is to stay away from it. You can ignore jokes with funny X account and other platforms. This is not a game.

Leave a Reply

Your email address will not be published. Required fields are marked *