Malpedia Library

Click here to download all references as Bib-File.•

2025-08-15 ⋅ cocomelonc ⋅ cocomelonc
Malware development trick 50: phishing attack using a fake login page with Telegram exfiltration. Simple Javascript example.

2025-08-04 ⋅ Beazley Security Labs ⋅ Alex Delamotte, Bobby Venal, Francisco Donoso, Jim Walter, Sam Mayers, Tell Hause
Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem
PXA Stealer

2025-08-04 ⋅ Sentinel LABS ⋅ Alex Delamotte, Bobby Venal, Francisco Donoso, Jim Walter, Sam Mayers, Tell Hause
Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem
PXA Stealer

2025-07-30 ⋅ cocomelonc ⋅ cocomelonc
Mobile malware development trick 2. Abuse Telegram Bot API: Contacts. Simple Android (Java/Kotlin) stealer example.

2025-07-13 ⋅ cocomelonc ⋅ cocomelonc
Mobile malware development trick 1. Abuse Telegram Bot API. Simple Android (Java/Kotlin) stealer example.

2025-06-12 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 1: stealing data via legit Telegram API. Simple C example

2025-05-06 ⋅ Infoblox ⋅ Infoblox Threat Intelligence Group
Telegram Tango: Dancing with a Scammer

2025-04-27 ⋅ SentinelOne ⋅ Phil Stokes
Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram
AMOS

2025-04-01 ⋅ Reversing Stories ⋅ Hema Loganathan
Latrodectus Malware Delivered via Telegram Bot/Chat API
Latrodectus

2025-04-01 ⋅ Hunt.io ⋅ Hunt.io
Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs
Pyramid

2025-01-30 ⋅ ⋅ Intrinsec ⋅ CTI Intrinsec
Telegram Stories: voice spoofers, tools and operating modes

2024-12-18 ⋅ KELA ⋅ KELA’s Research Team
Three Months After the Storm: Did Cybercriminals Move to Telegram Alternatives?

2024-10-16 ⋅ BitSight ⋅ André Tavares
Exfiltration over Telegram Bots: Skidding Infostealer Logs
404 Keylogger Agent Tesla

2024-09-09 ⋅ Github (itaymigdal) ⋅ Itay Migdal
Poshito - New Telegram C2

2024-09-04 ⋅ Check Point ⋅ Check Point
Hacktivists Call for Release of Telegram Founder with #FreeDurov DDoS Campaign
EvilWeb RipperSec

2024-06-16 ⋅ cocomelonc ⋅ cocomelonc
Malware development trick 40: Stealing data via legit Telegram API. Simple C example.

2024-01-05 ⋅ ⋅ Medium s2wlab ⋅ HOTSAUCE, S2W TALON
Story of H2 2023: A Deep Dive into Data Leakage and Commerce in Chinese Telegram

2023-12-11 ⋅ Cisco Talos ⋅ Asheer Malhotra, Jungsoo An, Vitor Ventura
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
BottomLoader DLRAT HazyLoad NineRAT

2023-09-13 ⋅ SentinelOne ⋅ Jim Walter
New Ransomware Threats and the Rising Menace of Telegram
RansomVC

2023-04-26 ⋅ cyble ⋅ Cyble
Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram
AMOS