Cybercrime Services Market on Telegram Continues to Grow
Experts from Positive Technologies have analyzed cybercrime-related posts in Telegram channels and chats. Their research shows that most messages in the messenger are dedicated to the compromise of user data, including its purchase and sale. A record number of hacker-themed messages was recorded in the second quarter of 2022: over 27,000 messages, which is 2.5 times more than in the same period last year.
Researchers note that the number of cybercriminal posts on Telegram began to increase significantly in 2020, and in 2021, user activity in relevant channels and groups grew 3.5 times. Experts attribute this growth to a mass migration of users from cybercrime forums to messengers. This shift followed the discovery of numerous critical vulnerabilities in forum engines in 2020β2021, as well as several major forum hacks in 2021, which likely drove users away from those platforms.
Most of the messages studied by experts were related to user data, including its trade and fraudulent operations (52%). Next in the statistics were posts about cybercrime services (29%) and the distribution of malware (15%).
Malware and Stealers
Among malware, remote access tools (RATs) were the most in demand (30%), followed by stealers (16%). The most popular infostealer was RedLine, which cybersecurity specialists from various companies have long warned about. RedLine was mentioned in more than 18% of messages, including discussions of its features, sales, distribution of its source code, and information collected using the stealer. Other stealers frequently discussed on Telegram include Anubis, SpiderMan, Oski Stealer, and Loki Stealer, with prices ranging from $10 to $3,500.
Experts note that the price of malware depends on its type, functionality, and usage period. For example, obfuscation tools can cost from $20 to $100, while a botnet or a guide to creating one can cost up to $750. The price of a miner ranges from $10 to $1,000: for $10, you can buy a simple malware with limited features, while $1,000 gets you the source code of a tool with a wide range of functions, including antivirus bypass and infection without administrator privileges.
Cybercrime Services and Account Compromise
According to the study, 66% of messages about cybercrime services are discussions about cashing out funds, such as withdrawing cryptocurrency. DDoS attacks are the second most popular service, making up 16% of messages in this category. About 9% of posts offer hacking services, including stealing email and social media accounts, as well as hacking websites and servers. One in five DDoS-related messages is an ad for attack services. The cost of a DDoS attack depends on its duration: $8 per hour, and a week-long attack can cost $200 or more.
Messages about hacking accounts on VKontakte, Telegram, WhatsApp, Viber, and other social networks and messengers make up 72% of all posts about resource hacking. Compromising a VKontakte account can cost from $10 to $50. Messenger accounts are more expensive: for example, hacking a Telegram, Viber, or WhatsApp profile can cost from $350. Compromising a corporate account is significantly more expensive, with hackers charging at least $200, while hacking a personal email account costs about $100.
Personal and Account Data Trade
A significant portion of all messages about compromising protected information involve personal (43%) or account (42%) data. These include ads for buying or selling personal information, document forgery services, and discussions of data leaks.
βIn 2021, almost half of all messages were about account compromise, but in the first half of 2022, the focus shifted to documents, personal data, and related services (71%),β notes Positive Technologies analyst Ekaterina Semykina. βThe number of messages on this topic grew significantly in the second quarter: following numerous attacks and leaks in the first quarter, there was an increase in services offering stolen copies of documents from institutions. For example, 28% of messages in this category are ads for selling data and related services (such as document forgery or creating electronic signatures), and every tenth message is about buying such data.β
Most messages about account data are about selling accounts for streaming platforms, social networks, crypto exchanges, and brokerage firms. For example, a Spotify account can cost $5, while a premium Netflix account with a one-year subscription starts at $10.
Spam and Mass Messaging Services
Experts also note that spam and mass messaging services are popular on Telegram. Most often, SMS spam is offered (54% of messages on this topic), followed by email spam (32%). Prices are usually calculated based on the duration of the campaign or the number of messages. For example, the average cost for one email address is about 50 rubles per hour of spam or per 1,000 emails.