Despite the recent takedown of the RedLine malware variant and a crackdown on “problematic” Telegram content, the credential abuse market is as vibrant as ever.
This was revealed by new research from ReliaQuest.
According to the company, cybercriminals appear undeterred by Telegram CEO Pavel Drurov’s recent arrest, promise to remove problematic content, and announcement of a more proactive approach to complying with government requests.
Bad actors have long used Telegram, an end-to-end encrypted online messaging service, as a marketplace for selling stolen credentials. Despite Drurov’s promise to share user information with law enforcement, they continue to do so.
ReliaQuest’s researchers observed only one user expressing hesitation to use the platform, with most posts still containing contact details.
However, the report suggests the cybercriminal marketplace Russian Market remains the ‘go-to’ for stolen credentials. Unlike other platforms, it provides detailed information about the origins of its leaked data, including the type of info stealer used, the internet provider, and the location of the theft.
It also states that while RedLine info stealer activity has halted in the wake of a recent law enforcement crackdown, the malware variant is likely to resume in the next three months. ReliaQuest ranked RedLine as the second most common info stealer of 2023, seeing a 44% jump in listings from Q3 to Q4, just behind LummaC2.
Meanwhile, the broader credential abuse market continues to flourish. In Q3 2024, credential exposure alerts comprised 75% of alerts across the ReliaQuest customer base.
Current law enforcement efforts are clearly doing little to stifle credential abuse, and more needs to be done to combat the issue.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.