Telegram has become the new dark web for cybercriminals and the most popular chat program on the dark web

As messaging apps emerge as alternatives to the dark web, Telegram has become a hub for cybercriminals seeking to buy, sell and share stolen data and hacking tools, and the most common chat software used by criminals to communicate on the dark web, new research shows.

Launched in 2013, Telegram allows users to broadcast messages to followers via "channels" or create public and private groups that others can easily access. Users can also send and receive large data files, including text and compressed files, directly through the application. The platform says it has more than 500 million active users and surpassed 1 billion downloads in August, according to SensorTower.

Cybercriminals have been using Telegram for years because it is encrypted and easy to access. According to a recent survey conducted by the Financial Times and cyber intelligence group Cyberint, "cybercriminals' use of Telegram has increased by more than 100 percent" recently. The Financial Times says criminal activity on WhatsApp has increased after users flocked to the app following changes to the app's privacy policy.

If you recall, earlier this year, WhatsApp asked its users to accept a revised policy that allowed it to share data with parent company Facebook. Users were outraged and WhatsApp had to clarify that it still couldn't read their private communications. Even so, people migrated to competitors that offer similar secure messaging features - which, in the case of Telegram, apparently led to an increase in criminal activity through the app.

According to investigators, there is a swelling network of hackers who share and sell data breaches in channels with tens of thousands of users. In the past year, the number of mentions of "Email:pass" and "Combo" in the app has reportedly quadrupled. Some of the data dumps circulating on the app contain between 300,000 and 600,000 email and password combinations for games and email services. Cybercriminals also sell financial information such as credit card numbers, copies of passports and hacking tools through the app.

vpnMentor released a report saying that the data dumps circulating on Telegram came from previous hacks and data breaches at companies such as Facebook, marketing software provider Click.org and dating site Meet Mindful. Most data breaches and hacks appear to have been shared on Telegram only after they were sold on the dark web, or the hackers failed to find a buyer and decided to make the information public or share it.

Tal Samra, a cyber threat analyst at Cyberint, said part of the reason cybercriminals are transitioning from the dark web to Telegram is the anonymity the encrypted chat tool offers. But he noted that many of those groups are also public. Links to Telegram groups or channels shared within dark web forums jumped from 172,035 the year before to more than 1 million by 2021.

Tal Samra explained, "Telegram's encrypted messaging service is becoming increasingly popular among cybercriminals conducting fraudulent activities and selling stolen data …… because it is easier to use than the dark web " In addition to being more convenient than the dark web, Telegram is also less likely to be monitored by police, Samra said.

Telegram has removed channels to sell large data sets with email and password combinations after the Financial Times notified the company. In a statement, Telegram also said it "has a policy of removing personal data shared without consent" and that it has a "growing team of professional moderators" who remove 10,000 public communities a day that violate its terms of service. Earlier this year, after the attack on the U.S. Capitol, these moderators had to monitor hundreds of channels to keep an eye out for calls of violence.