Cybercriminals are using encrypted chat apps as illegal marketplaces

The last year has seen a huge rise in the use of private messaging apps, with Signal announcing a 677% rise in downloads in just a few days during January. Rival service Telegram reported a similarly impressive 146% growth in downloads for the same period. In April 2020, the company said that it had over 400 million users, with millions of new users joining per day.

Often these apps have been used for very positive ends. For instance, in a previous article, I explored how encrypted messaging has changed how protest movements operate, with the robust security measures presenting an often insurmountable barrier for governments who wish to interfere in the ways in which people communicate. Apps such as Telegram have been used by pro-democracy movements in Hong Kong, Russia, Iran, and Thailand, for instance.

Illegal activity

A recent analysis by Norton found that encrypted chat apps were also commonly used by criminals as a secure marketplace for illicit activity. The fact that the platforms are almost impossible to moderate makes them ideal for traders in illegal goods to communicate with customers without the risk of law enforcement agencies listening in.

The research discovered a panoply of illicit items being sold on Telegram, including stolen gift cards, pirated software, personally identifiable information, fake documentation, and various tools designed to support acts of cybercrime, such as distributed denial-of-service attacks. Indeed, the Norton researchers also found various attempts to sell so-called Covid vaccines.

The motives for these acts vary, ranging from the relatively easy profits from selling counterfeit goods to the desire to launder stolen items, such as credit cards, into usable money. While platforms such as Telegram have a multitude of legal and useful purposes, the selling of counterfeit goods was found to be sadly all too commonplace, whether it is luxury items or high-end electronics.

Exploiting stress

Most worrying of all, however, was the growing trade in supposed Covid vaccines. Across society, we have seen a burgeoning trade in cybercrime during the pandemic as criminals have attempted to exploit the stress and confusion it has caused.

The stress felt across society was also being exploited by the robust trade in a variety of tools designed to support cybercrime. 

For instance, the researchers found a number of vendors renting out DDoS infrastructure, as well as cheat codes for various games and online services.

The stressful situation presented by Covid-19 has also helped to support a flourishing trade in personal information, with major data breaches providing data brokers with a rich array of information to trade online. This treasure-trove includes phone numbers, social security numbers, bank account details, and more.

It’s perhaps no surprise that Telegram is a fertile environment for cybercrime, as these criminals are often among the earliest adopters of a wide range of technologies. While it’s quite probable that messaging apps, such as Telegram, will be increasingly used by legitimate vendors, for now, they are a hive of illicit activity.


Perhaps the most famous example of cybercrime on Telegram is the Televend network of so-called robot drug dealers. The automated software platform provides an easy way for people to buy narcotics, often using bitcoin.

The platform provides users with instructions via the program's learning channel, which gives users the lowdown on what the bot does and how drug dealers are currently using the app.

“Televend is an auto-shop bot network for direct dealers, we administer the bots and vendors run them like private shops,”

message on a Telegram channel for drug dealers 

“Customers can visit them and pay with bitcoin, track orders and payments, plus leave feedback and ratings. Vendors control the listings and configuration of their bot via a .onion Tor-based control panel so no Telegram account is needed to vend. At this control panel, they can add listings, process orders, answer messages, and other features.”

The developers claim that the platform already has over 200,000 users, with the bots notifying clients when drugs are available or if discounts are being offered. As with legal e-commerce platforms, users are encouraged to leave feedback and rate each vendor, thus providing a degree of trust in the criminal underworld. With no escrow system in place, this level of trust is crucial for the network to function.

The anonymous and encrypted nature of Telegram ensures it’s a natural home for activities that people would rather be kept out of the spotlight. The data from Norton highlights the level of illicit activity that’s taking place on the platform, and to date, law enforcement agencies have proven largely powerless to stop it. As such, it’s likely to be a trade that will continue to thrive, at least until agencies develop more effective means of stopping it, which could take some time.
