Credit Cards Telegram Channels Exposed to Security Threats

Credit cards Telegram channels are a convenient way to manage your finances, but they also pose a significant security threat. Many users have fallen victim to phishing scams that trick them into revealing sensitive information.

Some of these channels have been found to be run by scammers who use fake Telegram bots to collect credit card information from unsuspecting users. These scammers often promise unusually high rewards or low interest rates to lure users into providing their sensitive information.

A recent investigation discovered that over 100 credit cards Telegram channels have been exposed to security threats, with some channels boasting millions of subscribers. This has led to a significant increase in credit card-related scams on the platform.

These scams can result in financial losses for users, making it essential to exercise caution when interacting with credit cards Telegram channels.

Credit card security threats are very real, and one of the most insidious methods involves using Telegram to exfiltrate stolen credit card details. This is not an isolated incident, but rather a tactic used by attackers to pilfer data while hiding behind a cloak of anonymity.

In one reported case, a WooCommerce website was compromised, and the attackers used a custom script.js file to send credit card information to a Telegram chat bot via CURL. This allowed them to spirit away the stolen data to a Telegram chat room where it could be quickly sold on the black market.

The malicious script used the btoa function to serialise and base64encode the content, which was then sent to the feed-rss-comments.php file. This file, however, was not a WordPress core file, but rather a fake file created by the attackers to deceive the website owner.

The feed-rss-comments.php file received the input, appended user agent and IP information, decoded the base64 encoded content, and used the Telegram API to send the content to a designated chat bot. This is just one example of how attackers are using Telegram to exfiltrate stolen credit card details.

Here are some key facts about credit card security threats:

Skimmers are malicious scripts that can be embedded in websites to steal sensitive information, including credit card details. They can be found in various forms, including Telegram-based skimmers.

A Telegram-based skimmer was first publicly documented by security researcher @AffableKraut, who shared a Twitter thread about the issue. This skimmer checks for web debuggers to prevent analysis and looks for fields of interest such as billing, payment, credit card number, expiration, and CVV.

Skimmers can be used in various ways, including in WooCommerce environments. In one instance, a WooCommerce credit card skimmer used a Telegram bot to exfiltrate stolen data. The skimmer initiated a POST request when triggered by the "Place order" button on the checkout page of the website.

The malicious script sent the stolen data to a Telegram chat room, where it was quickly sold on the black market, resulting in bogus transactions on the victim's credit cards. This is not the first time Telegram has been used to exfiltrate stolen credit card details or other sensitive data.

Here's a breakdown of how the skimmer worked: