Telegram Control Is Getting Tighter, Kaspersky: Criminal Ecosystems Are Getting Disturbed

Telegram illustration (photo: Unsplash)

JAKARTA - Modern messaging applications, such as WhatsApp, Telegram, Signal, and others, are often misused by irresponsible parties for illegal purposes.

The latest findings from Kaspersky Digital Footprint Intelligence show how Telegram, in particular, has become one of the favorite spaces for cybercriminals in carrying out their operations.

In monitoring more than 800 Telegram channels blocked between 2021'2024, Kaspersky found that the Telegram bot was a very dangerous tool.

The bot is capable of handling many functions at once, ranging from managing queries, processing crypto asset-based payments, to sending stolen bank cards, log infostealer, phishing kits, or DDoS attack services to hundreds of buyers every day.

Kaspersky's research also revealed two major trends in illegal activity on Telegram. First, the age of the shadow channel (shadow channel) is getting longer.

The global cybersecurity company said that the proportion of channels that lasted more than nine months increased more than three times in the 2023 '2024 period compared to 2021'2022.

On the other hand, Kaspersky saw that the blocking activity carried out by Telegram jumped significantly. In 2021 and 2022, the number of closed channels is still relatively low, the majority is only in the range of one digit to dozens.

However, entering 2023, the curve began to climb significantly. The situation changed drastically in 2024, which is the turning point with a spike in monthly blocking which often reaches 30 to 40 channels. This trend will continue in 2025.

Kaspersky considered that the stronger pressure of control actually made Telegram a less ideal environment for cybercriminals.

In addition to the risk of being blocked more quickly, they are also faced with a number of platform limitations, such as the absence of built-in end-to-end encryption (E2E) for chats, not being able to use private servers, as well as a closed server side code so that it cannot be verified.

As a result, several major criminal communities are reported to have left Telegram. BFRepo groups, which have nearly 9,000 members, as well as malware-as-a-service operations Angel Drainer is said to have moved their core activity to other platforms.

When a storefront or service disappears overnight, building a reliable business becomes much more difficult. We start to see the early stages of migration as a direct consequence," commented Vladislav Belousov, Digital Footprint Analyst at Kaspersky.