Telegram has become the working ground for creators of bots and phishing kits looking to market their products to a wider audience or recruit unpaid assistants.

Although the messaging platform has been used for cybercriminal activities for several years, it seems that threat actors in the phishing field have started to rely on it more recently.

One trend has been observed by researchers at cybersecurity firm Kaspersky, who have found that a community has formed around the increasingly popular topic of phishing.

From selling services to offering advice and free tutorials, phishing actors are extremely active on Telegram.

Phishing Services Offer

A Kaspersky report notes that phishers sell all types of phishing materials and services to interested buyers, including ready-to-use kits, fake pages, tool subscriptions, guides, and technical support.

According to the researchers, the following services are currently offered via Telegram:

• Free phishing kits with pre-packaged tools that allow users to create phishing pages that mimic well-known brands.

• Creation of automated phishing pages (based on robots) and collection of user data.

• Premium phishing and scam pages with a customizable interface, anti-bot systems, geo-blocking, URL encryption and even social engineering elements. The cost of these kits ranges from $10 to $300, depending on their features.

• Stolen personal data and online banking credentials that are often checked.

• Phishing-as-a-service (PhaaS) subscriptions that provide access to tools, beginners’ guides, technical support and regular updates for provided anti-detection systems.
• One-Time Password (OTP) bots that help phishers automatically bypass 2FA (two-factor authentication) protections. These services are offered on subscription models at an indicative price of $130/week, or $500/month for custom deployments.

Some reputation-conscious vendors sell kits that encrypt stolen data so that neither they nor the operators can access the victim’s information without paying their share to the other party.

Kaspersky says Telegram is also where would-be scammers can learn about phishing activity for free.

More experienced phishers create Telegram channels with bots that provide step-by-step instructions to generate a phishing page.

The process is fully automated and ends with the generation of links to fake websites registered by the bot controller that imitate popular brands and services.

The only thing left for the novice phisher is to distribute the links and wait for the victims’ sensitive information to be passed to the bot.

With this setup, the experienced phisher prepares a potential client and can also retrieve a copy of the data.

Offering the above via Telegram not only makes operations easier and more profitable for sellers, who now do all the work by the platform’s bots, but also lowers the barrier of entry for inexperienced threat actors. or would-be phishers, facilitating their access to this crime. space.

Kaspersky claims to have detected more than 2.5 million malicious URLs generated using phishing kits in the past six months and prevented 7.1 attempts by users to access its products during the same period .

These figures reflect the massive scale of phishing operations. This growth is made possible by the uncontrolled proliferation of kits and services and the booming activity that supports it on Telegram.