Takeaways in this post:

  • Proliferating malware creates new Telegram security risks for the platform’s individual and business users.
  • Enterprises have adopted the Telegram app for business purposes because Telegram is an agile communication tool with key features such as communities and file sharing.
  • Despite the message encryption, Telegram for enterprises still poses security and compliance risks. 
  • Controls can help secure Telegram, ensure communications are compliant, and protect end users, customers, and company systems from malicious payloads and regulatory compliance risks.

Telegram Security at Risk

Threat intelligence reports reveal Telegram has experienced a surge of cyber attacks since Russia’s invasion of Ukraine, with more than 250,000 fraudulent users reported daily. Countries in Asia also increased compromises in Telegram, with prime ministers and rulers falling victim, as well.

And we’ve seen it firsthand: For example, in June 2022, our platform detected a remote-access Trojan (RAT) posted in a public crypto Telegram channel we monitor as part of our work with our financial service customers. This malware was meant to target new or unsuspecting users of the channel to steal cryptocurrency keys. We discovered backdoor and data-stealing functions that targeted cryptocurrency authentication tokens on the victim’s machine.

This is by no means the first instance of Telegram security risks involving malware. DarkCrystal RAT (commonly known as DCRat), first seen in 2018, underwent a recent revamp and has been making the rounds again in Telegram channels. Available for purchase at a low cost, DCRat malware is used as a keylogger to steal multiple account credentials, including those on Telegram.

Why Telegram?

More companies are turning to mobile apps to get work done in ways that offer the least friction, especially since the beginning of the COVID pandemic. Among these, Telegram has been a favorite of disruptive financial services and cryptocurrency firms for its simplicity, speed, flexibility, and built-in encryption.

Telegram boasts 700 million monthly active users and very high engagement rates. The app allows groups of up to 200,000 users for businesses, with support for photos, videos, and files of any type. And with the deployment of Telegram Premium, teams have access to double the limits, improved chat management, and more customer benefits. As a result, many companies have embraced the Telegram app for business ends.

A number of our customers include innovative financial firms and digital currency brokers that have embraced apps like WhatsApp and Telegram. These disruptive players adopt mobile apps faster than traditional banks, making them incredibly agile and responsive to clients. Telegram's features, ease of use, and amenability to developers have spawned an ecosystem of third-party tools, like Telefuel, that supercharge the cloud-based app into enterprise-level software for collaboration and client communication.

New call-to-action

Platform: Learn more on how SafeGuard Cyber
can secure Telegram compliance and archiving

Isn't Telegram Secure Because it’s Encrypted?

Many users rely heavily on Telegram’s messenger security features to protect their data and privacy, because the app is popularly viewed as one of the most secure messaging apps in the world.

The way Telegram security works is: the app encrypts messages traveling between devices and the Telegram server, and these messages remain on the servers for a very long time, so that users can access them from multiple devices. Unfortunately, this opens a new set of Telegram risks, as a successful breach of the app’s servers could expose all messages and the information they contain.

Secret chats come with end-to-end encryption functionality, which users have to activate manually. But many forget to activate that feature, and don’t enjoy a higher degree of privacy protection for their sensitive and confidential conversations. Then there’s the issue of compliance. Ultimately, every organization needs a way to maintain governance over its business communications. Without open record keeping, enterprises are at risk of violating regulatory requirements, especially if they belong to highly-regulated industries. In a pinch, they would have to subpoena Telegram for a copy of their messages, which is unlikely to succeed. At the very least, the process would add friction to any time-sensitive audit investigations.

Even encrypted mobile chat apps are subject to security and regulatory compliance concerns. With the ability to host large groups (up to 200,000 users) and large file sizes (up to 1.5 GB), Telegram users remain vulnerable to spear-phishing, ransomware, and cyber-espionage attacks through link and file sharing, as well as the threat of data loss and compliance risks. 

Malware, Cyber-espionage, and Spear-phishing

As with WhatsApp, cyberattacks still threaten Telegram messenger safety. With groups that could include 200,000 people, it’s virtually impossible to know who’s who. Threat actors can easily infiltrate communities or impersonate known and trusted users to drop malicious links and files. Besides the incidents mentioned above, reports of stolen crypto wallets and secret surveillance of users have surfaced. Threat actors continue executing multi-channel communication attacks, because this allows them to bypass most native email security controls. And without visibility and controls, it is difficult to monitor Telegram security and detect signs of spear-phishing and cyber espionage.

Data Loss

Telegram’s 1.5Gb file size limit allows for more leeway in data sharing. However, it also means that larger, more sensitive files can be leaked. Threat actors or simply employee mistakes can leak, exfiltrate, and even accidentally delete much bigger amounts of data than with WhatsApp. This is why enterprises that plan to use the Telegram app for business need policies to stop data exfiltration and accidental sharing outside the organization.

Compliance Risks

Digital currency traders and financial service providers have seen the value of Telegram for enterprise purposes. However, theirs is an increasingly regulated industry, and a lack of adequate controls can result in serious compliance risk exposure. Users may intentionally or accidentally share customer PII or engage in conversations that violate regulatory compliance. Because of this, customers have approached us and asked how to use Telegram for business compliantly and securely. We developed our solution to help them reduce these risks and ensure legal readiness by storing full conversations in a searchable archive with audit trails for every action.

Enabling Telegram App for Business Use with Robust Security and Compliance

In response to customer concerns about how to use Telegram for business, our platform now extends our award-winning security and data loss prevention capabilities to the Telegram app. Customers are able to:

  • Capture Telegram content in native format, including deleted content
  • Perform lookback investigations to capture content published before monitoring was put in place
  • Apply security and compliance policies to ensure Telegram security.
  • Quarantine messages that violate these policies
  • Scale protections to account for multi-language environments and different regional regulatory frameworks
"Unsanctioned applications are causing a lot of stress and worry for our team. We have been hit with regulatory fines."

- CISO of a major investment firm 

Learn more about getting started and ensuring Telegram security with the SafeGuard Cyber platform.

, , , , , , ,
Image of Steven Spadaccini
Steven Spadaccini

Steven is a seasoned senior cyber executive with more than 20 years of experience working for some of the highest-profile cybersecurity and technology companies in the world. Prior to joining SafeGuard Cyber, Steven held senior VP leadership positions at Absolute, Trend Micro, Imperva, FireEye (Trellix), and DTEX Systems as well as several other cyber security startups.

Related Content