Russian Hackers Use Telegram Bots to Gather Data for Blackmail

The Telegram messenger is popular for its privacy and security features. And yet, it also provides hackers with a handy tool for their shady craft: Telegram bots. Normally, using Telegram is quite safe, as long as you follow basic security hygiene. But news recently broke about Telegram bots being used to gather private data and then blackmail users!

What is Telegram and how secure is it? How does this bot news affect Telegram users? What other Telegram vulnerabilities and hacks occurred in the past and what can you do to boost your Telegram security and protect your privacy? Let’s figure this out!

How Russian Hackers Use Telegram Bots to Violate Security

A Russian news website reports on special Telegram bots used for hacking, gathering personal data, and blackmailing Telegram users. Currently, they only target individual users, but experts warn that it’s only a matter of time until hackers use similar Telegram bots against businesses.

The modus operandi of these malicious Telegram bots is quite simple. First, they obtain the victim’s personal data by means of:

  1. Phishing attack. The bot is built by hackers to trick the user into revealing their data. For instance, a Telegram bot may pretend to be part of the security of a service the victim uses, demanding that they enter an existing password to verify their identity.
  2. Taking advantage of other Telegram bots. As an example, the news site describes MailSearchBot, used to find out whether your emails or passwords have been compromised by entering your phone number. The hacker only needs to enter the victim’s number to learn their private data; it’s partially obscured, but still gives the malefactor more than enough information to work with.
  3. Open-source intelligence. The Telegram bot combs the internet for bits of information on a particular victim. In essence, these bots (e.g. Smart_SearchBot and AVinfoBot) can be compared to a search engine. They don’t hack you or try to bypass Telegram security; they just collect whatever private information the victim was careless enough to reveal.

Once the bot collects the information hackers need, they will use it to blackmail the victim. Most often, they will threaten to reveal the victim’s online activities to their friends and colleagues. This is aimed at people who are concerned about their Telegram privacy and don’t want their acquaintances to see their personal pictures or correspondence. Naturally, giving in and paying the money in no way guarantees that the hackers will cease their blackmail attempts. 

How to Secure Your Passwords from Telegram Hack

The main danger of this Telegram vulnerability is that it puts your passwords in great peril. It’s not only about Telegram security, mind you: passwords to any services and sites that you’ve ever used can be jeopardized. This is especially true if you’re not following password security guidelines and reuse passwords across several accounts.

Now, this is understandable. We all have dozens of profiles online, so how in the world are you supposed to memorize all those unique passwords? The trick is - you aren’t. If you wish to protect yourself from the Telegram bot hack described in the news above, use a dedicated password manager that will remember your passwords for you!

Passwarden is a great example of one such app. It offers numerous security features:

  • Allows you to generate strong passwords and save them on the fly
  • Stores your data in secure vaults, encrypted with AES-256
  • Besides just passwords, the app can store all sorts of data: ID cards, logins, licenses, payment information, etc.
  • Cross-device and cross-platform capabilities
  • Easy data import with the Migration option
  • Duress mode to protect your data if you’re forced to let someone into your Passwarden account (e.g. at customs)

What is Telegram and Why It’s Popular

Telegram is one of the most popular multi-platform messaging services. It was founded by Russian entrepreneur Pavel Durov, so it’s best known in Russia and Eastern Europe and is still unfamiliar to many US users. Telegram’s privacy and security are among its most prominent features and it’s often name-dropped in news and discussions. But what’s so special about it, and is Telegram truly safe?

The answer is Telegram’s focus on privacy and encryption, as well as its open-source API. Countless unofficial clients are available besides the official Telegram app. The app lets you both use the same account on multiple devices and have multiple accounts on the same device. Finally, Telegram offers end-to-end encryption in calls and secret chats.

Is Telegram secure?

The Telegram app is generally safe, or at least safer than most of its counterparts. Sure, one could argue that, for instance, WhatsApp offers more complete end-to-end encryption, since it covers all messaging. But the company has ties to Facebook, which is an immediate red flag for anyone concerned about their privacy and anonymity. Other security and privacy features of Telegram include secret chats and the ability to delete your message for everyone on the service or program it to self-destruct.

Notorious Telegram Hacks and Vulnerabilities

With all that being said, Telegram is hacked occasionally, proving that even this service is not without vulnerabilities. 

Hacking animated Telegram stickers 

As recently as February 2021 came the news about a security flaw that could expose users' secret chat messages, photos, and videos to hackers. This Telegram vulnerability stemmed from the way the secret chat functionality operates and, in particular, how it handles animated stickers. Attackers could send malformed stickers to their victims, gaining access to their messages, videos, and photos (even those shared through secret chats).

Viewing self-destructing messages

Another Telegram vulnerability concerned its self-destructing messages. As mentioned earlier, in this app you can configure your message to be deleted automatically. Well, this particular bug would allow hackers to access your self-destructing video and audio messages on the system even after they disappeared from the chat (once again, even the messages from secret chats!)

Hacking private Telegram media files

Yet another attack scenario for a Telegram hack, dubbed Media File Jacking, has to do with the app’s ability to interact with the external storage of the device it’s installed on. If malicious software gets installed on a victim’s device, it can manipulate and intercept media files sent between users. This includes documents, payments, private photos and videos, etc.

A curious application of this particular Telegram vulnerability is to spread fake news. If such malware finds its way to the device of an administrator of a Telegram channel, it can compromise the files the administrator sends to the chat. For instance, it can tamper with the media sent to a trusted Telegram channel feed in order to spread fake news.

Leaking users’ IPs

A couple of years ago, a vulnerability caused Telegram to leak users’ IP addresses during voice calls. As you can imagine, for an app as focused on privacy and security as Telegram is, this was a huge issue. It happened because the desktop versions of the app used a P2P connection, which was good for voice quality but not so much for Telegram’s security.

Hacking Telegram to spread malware

From its very launch, the app has had to face security issues. A zero-day Telegram vulnerability was exploited by hackers to spread crypto-mining malware. It stemmed from how the app handled the special hidden RLO (right-to-left override) Unicode character. While normally used to tell the system that text is written in a right-to-left language, it could also obscure malicious files’ names, misleading users into opening them.
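
A defensive check for the file-name trick described above, added here as an example and not taken from Telegram or from the original article: it flags bidirectional control characters in a file name and compares the extension a user would read with the one the system acts on. The sample names are constructed, the function names are hypothetical, and the display approximation only models text following an RLO character.

```python
import os
import unicodedata

RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting
# Bidirectional formatting characters that have no place in a file name.
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def approx_display(name):
    """Approximate what a bidi-aware UI shows: text after RLO is drawn reversed."""
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            segment = [c for c in name[i + 1:end] if c not in BIDI_CONTROLS]
            out.append("".join(reversed(segment)))
            i = end + 1
        else:
            if name[i] not in BIDI_CONTROLS:
                out.append(name[i])
            i += 1
    return "".join(out)


def inspect_filename(name):
    """Compare the extension a user sees with the one the system acts on."""
    controls = [(i, unicodedata.name(c)) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    shown = approx_display(name)
    real_ext = os.path.splitext(name)[1].lower()    # logical order: what gets executed
    shown_ext = os.path.splitext(shown)[1].lower()  # visual order: what the user reads
    return {
        "controls": controls,
        "escaped": "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in name),
        "shown_as": shown,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "spoofed": bool(controls) and real_ext != shown_ext,
    }


if __name__ == "__main__":
    # Constructed sample names, not taken from any real campaign.
    for sample in ["report.pdf", "invoice\u202efdp.exe"]:
        print(inspect_filename(sample))
```

Showing the `escaped` form to the user, or rejecting any name with a non-empty `controls` list, removes the ambiguity regardless of how the UI renders the text.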

March 17, 2021