A comprehensive cybersecurity report by F6 (formerly FACCT) reveals an alarming 25.5% increase in compromised Telegram accounts during the second half of 2024 compared to the previous year. This surge in account theft highlights the evolving sophistication of cybercriminal operations targeting messaging platform users.
Scale and Impact of Coordinated Phishing Campaigns
The investigation uncovered a massive operation in which a single threat actor group compromised over 1.24 million Telegram accounts between July and December 2024. Security researchers identified at least seven active cybercriminal groups specializing in Telegram account theft, indicating a well-organized underground ecosystem.
Underground Market Dynamics and Account Valuation
Analysis of dark web marketplaces shows that compromised Telegram accounts are commanding increasingly high prices, with accounts linked to specific regions fetching up to $1.75 each. The valuation criteria include premium subscription status, administrative privileges, conversation history depth, and the “aging” period – the time between compromise and resale.
Digital Asset Exploitation
Cybercriminals are particularly targeting accounts containing valuable digital assets, including Telegram Stars cryptocurrency and collectible NFT gifts. Some virtual items within compromised accounts have been valued at several hundred dollars, with Telegram Stars being traded at specific exchange rates in underground markets.
Advanced Phishing Infrastructure and Techniques
The attack infrastructure employs sophisticated web panels and automated Telegram bots to create convincing phishing campaigns. Common lures include fake monetary rewards, security alerts, and premium subscription offers. A particularly dangerous automated combo scheme enables compromised accounts to propagate malicious links to further users, creating a self-sustaining infection chain.
Security experts strongly recommend implementing two-factor authentication, regularly monitoring active sessions, and maintaining heightened vigilance against suspicious messages. Users should be particularly wary of time-sensitive offers or unrealistic rewards, as these are common social engineering tactics. Regular security audits of connected devices and immediate reporting of suspicious activities can significantly reduce the risk of account compromise. Organizations utilizing Telegram for business communications should establish clear security protocols and conduct regular staff training on phishing awareness.