MalwareBytes security researchers have discovered a new method of data exfiltration from hackers Magecart. Remember, the latter infect e-commerce sites to steal credit card data when the user validates an online payment form. This data is then sent to servers controlled by hackers.
But a new variant of this attack uses Telegram messaging. At the fateful moment, the data is encrypted and sent to a specific private discussion thread, using Telegram’s programming interface.
The advantage, according to MalwareBytes, is that hackers do not need to create their own infiltration structure and in addition, it eliminates the risk of having that structure dismantled. Telegram’s servers, to be sure, will always be in place. Better still: hackers can even receive a real-time notification each time a bank card passes through their hands, “Which allows them to monetize more quickly the cards stolen in the underground forums”, points out MalwareBytes.