Product overview

See how dev-centric DAST for the enterprise secures your business.

Web attacks

Continuous security testing for web applications at high-scale.

API attacks

Safeguard your APIs no matter how often you deploy.

Business logic attacks

Future-proof your security testing with green-flow exploitation testing.

LLM attacks

Next-gen security testing for LLM & Gen AI powered applications and add-ons.

Interfaces & extensions

Security testing throughout the SDLC - in your team’s native stack.


Connecting your security stack & resolution processes seamlessly.


Getting started with Bright and implementing it in your enterprise stack.

Book a demo

We’ll show you how Bright’s DAST can secure your security posture.


Check out or insights & deep dives into the world of security testing.

Webinars & events

Upcoming & on-demand events and webinars from security experts.


Getting started with Bright and implementing it in your enterprise stack.

Case studies

Dive into DAST success stories from Bright customers.


Download whitepapers & research on hot topics in the security field.

About us

Who we are, where we came from, and our Bright vision for the future.


Bright news hot off the press.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

We're hiring

Want to join the Bright team? See our open possitions.

Bug bounty

Found a security issue or vulnerability we should hear about? Let us know!

Contact us

Need some help getting started? Looking to collaborate? Talk to us.

Resources > Blog >
The Dark Side of Telegram: A Deep Dive into Cybersecurity Concerns

The Dark Side of Telegram: A Deep Dive into Cybersecurity Concerns

Amanda McCarvill

In the world of digital communication, Telegram has become widely popular for providing users with what seems to be a secure and private messaging service. People are drawn to Telegram because of its reputation for enabling encrypted conversations, giving users a feeling of confidentiality in the ever-changing landscape of online interactions. However, recent revelations have tarnished Telegram’s seemingly invincible image, exposing a storyline of exploitation orchestrated by cunning hackers and threat actors. 

This blog post explores the various concerns surrounding Telegram, exploring instances of data breaches, the proliferation of cyber threats, and the platform’s evolving role in the world of cybersecurity.

Telegram’s Unintended Role in User Information Disclosure 

Originally designed as a non-dark web-related application, Telegram has unwittingly become a cause for concern among cybersecurity experts. Instances of user information disclosure, such as the involvement of a Lapsus gang member in Britain, underscore the unintended consequences of platforms like Telegram, where user data has been exploited to the extent of leading to arrests. 

A significant turning point in Telegram’s cybersecurity narrative is illuminated by a report from SOC Radar. The report sheds light on the top 10 Telegram channels associated with dark web threat actors and the sale of stolen data. Channels like LAPSUS$, RF/RB Bases, Null Leak, vx underground, and others expose the underbelly of cybercriminal activities flourishing on Telegram. It’s crucial to note that the dynamic nature of cyber threats means that some of these channels might no longer be active, with threat actors adapting and migrating to other platforms, disregarding Telegram. 

As Telegram’s role in cybersecurity evolves, specialized search engines like Lyzem have emerged, enabling users to identify groups, chats, or files within Telegram related to data breaches. This evolution highlights the platform’s transformation into a hub for cyber threats, necessitating proactive measures for users and security professionals alike. 

A Growing Threat Landscape 

Telegram’s newfound notoriety extends to its role as a platform for hackers to share cracked tools, including popular ones like Burp Suite. This poses a dual threat, affecting both companies and unsuspecting individuals who may unknowingly download files laden with backdoors. Some hackers exploit the guise of promoting free knowledge, akin to the Linux philosophy, to entice newcomers into downloading compromised content., another search engine, further amplifies the platform’s vulnerability by aiding in the identification of groups and communities on Telegram where hackers and malicious actors attempt to sell malware or trojans. This collaborative exploitation of Telegram’s features intensifies the challenges faced by the cybersecurity community in mitigating cyber threats.

Utilizing Telegram as a Command and Control (C2) Server

Threat actors have gone beyond conventional use and are taking advantage of Telegram’s features, utilizing it as a Command and Control (C2) server to gather information from attackers. One standout example is the credential-stealing malware called Zaraza, which targets more than 38 web browsers. Offered as a subscription service, this tool is part of the arsenal used by threat actors to potentially exploit vulnerabilities, including those found in cryptocurrency wallets. 

In August 2023, researchers uncovered QwixxRAT, a Remote Access Trojan (RAT), being sold on Telegram and Discord by threat actors. This particular malware, equipped with a Telegram bot, allows attackers to securely gather information from compromised systems remotely, underscoring the platform’s role in facilitating the distribution and sale of sophisticated malware. Researchers at cybersecurity firm Check Point have observed a disturbing trend where hackers can exploit Telegram’s systems to remotely execute malicious commands and operations. What makes this discovery even more alarming is that it can occur without the active use or installation of the Telegram app, revealing a stealthy threat vector that adds complexity to the cybersecurity landscape.

“Mammoths” Exploitation on Telegram  

Recent reports point to a new avenue of exploitation on Telegram, where malicious actors create counterfeit phishing websites as part of operations like “Mammoths.” This financial damage operation specifically targets individuals and organizations, automatically generating phishing websites and dispatching them to unsuspecting victims with the aim of stealing their credentials. 

While Telegram remains a legitimate messaging platform, its misuse by threat actors underscores the ongoing challenges of maintaining a delicate balance between user privacy and security. The collaborative efforts of the cybersecurity community, law enforcement agencies, and technology companies are imperative to combat these ever-evolving cyber threats effectively. As the digital landscape continues to evolve, the vigilance of adaptability of security measures must match the innovative tactics employed by threat actors on platforms like Telegram. The imperative for users and organizations alike is to stay informed, stay secure, and actively contribute to the collective defense against the dark side of the digital realm. 

The Rise of Social Engineering Attacks

As we navigate the cybersecurity concerns surrounding Telegram, it’s crucial to shed light on an emerging trend that has added a new layer of complexity to the platform’s security challenges, social engineering attacks. Social engineering involves manipulating individuals to divulge confidential information or perform actions that may compromise their security. Telegram, with its large user base and perceived security features, has become an attractive target for social engineering exploits. 

Cybercriminals leverage various tactics within the Telegram ecosystem to trick users into revealing sensitive information or downloading malicious content. One prevalent method is the creation of fake profiles that mimic legitimate entities, such as renowned cybersecurity experts, government officials, or even trusted friends. These impersonators initiate conversations with unsuspecting users, leading them to believe they are interacting with a trustworthy source. Once trust is established, these attackers employ persuasive techniques to convince users to click on malicious links, download compromised files, or share sensitive details. The guise of familiarity and trust built within the seemingly secure confines of Telegram makes users more susceptible to falling victim to these social engineering ploys. 


In conclusion, Telegram’s cybersecurity challenges are dynamic, with revelations uncovering layers of complexity. From unintended user information disclosure and exposure of dark web channels to its role in a growing threat landscape, the platform faces a crossroads of security issues. The rise of social engineering attacks adds a new dimension, exploiting user trust in Telegram’s seemingly secure environment. Cybercriminals adeptly impersonate legitimate entities, manipulating users into compromising actions. This evolving trend demands heightened awareness, caution, and proactive measures. The imperative for users and organizations is clear: stay informed, stay secure, and contribute to the collective defense against multifarious threats. Collaborative efforts are crucial to combatting ever-evolving challenges in this digital realm. 


DORA: Exploring The Path to Financial Institutions’ Resilience

DORA (Digital Operational Resilience Act) is the latest addition to the EU regulatory arsenal. A framework designed to bolster the cyber resilience of financial entities operating within the EU. But let’s face it: there’s no lack of regulations issued by the European Union legislature, and they’re not exactly known for keeping things light and easy.

IASTless IAST – The SAST to DAST Bridge

Streamline appsec with IASTless IAST. Simplify deployment, enhance accuracy, and boost your security posture by combining SAST and Bright’s DAST.

Bringing DAST security to AI-generated code

AI-generated code is basically the holy grail of developer tools of this decade. Think back to just over two years ago; every third article discussed how there weren’t enough engineers to answer demand; some companies even offered coding training for candidates wanting to make a career change. The demand for software and hardware innovation was

Get our newsletter