DarkGram: A Large-Scale Analysis of Cybercriminal Activity Channels on Telegram
- URL: http://arxiv.org/abs/2409.14596v2
- Date: Fri, 24 Jan 2025 05:48:16 GMT
- Authors: Sayak Saha Roy, Elham Pourabbas Vafa, Kobra Khanmohammadi, Shirin Nilizadeh,
- Abstract summary: We present the first large-scale analysis of 339 cybercriminal activity channels (CACs). These channels share a wide array of malicious and unethical content with their subscribers. We developed DarkGram, a framework that automatically identifies malicious posts from the CACs with an accuracy of 96%.
- Score: 2.454909090258064
- Abstract: We present the first large-scale analysis of 339 cybercriminal activity channels (CACs). Followed by over 23.8 million users, these channels share a wide array of malicious and unethical content with their subscribers, including compromised credentials, pirated software and media, social media manipulation tools, and blackhat hacking resources such as malware, exploit kits, and social engineering scams. To evaluate these channels, we developed DarkGram, a BERT-based framework that automatically identifies malicious posts from the CACs with an accuracy of 96%. Using DarkGram, we conducted a quantitative analysis of 53,605 posts shared on these channels between February and May 2024, revealing key characteristics of the content. While much of this content is distributed for free, channel administrators frequently employ strategies such as promotions and giveaways to engage users and boost the sales of premium cybercriminal content. Interestingly, these channels sometimes pose significant risks to their own subscribers. Notably, 28.1% of the links shared in these channels contained phishing attacks, and 38% of executable files were bundled with malware. Analyzing how subscribers consume and positively react to the shared content paints a dangerous picture of the perpetuation of cybercriminal content at scale. We also found that the CACs can evade scrutiny or platform takedowns by quickly migrating to new channels with minimal subscriber loss, highlighting the resilience of this ecosystem. To counteract this, we utilized DarkGram to detect emerging channels and reported malicious content to Telegram and affected organizations. This resulted in the takedown of 196 channels over three months. Our findings underscore the urgent need for coordinated efforts to combat the growing threats posed by these channels. To aid this effort, we open-source our dataset and the DarkGram framework.
Related papers
- Illusions of Relevance: Using Content Injection Attacks to Deceive Retrievers, Rerankers, and LLM Judges [52.96987928118327]
We find that embedding models for retrieval, rerankers, and large language model (LLM) relevance judges are vulnerable to content injection attacks.
We identify two primary threats: (1) inserting unrelated or harmful content within passages that still appear deceptively "relevant", and (2) inserting entire queries or key query terms into passages to boost their perceived relevance.
Our study systematically examines the factors that influence an attack's success, such as the placement of injected content and the balance between relevant and non-relevant material.
arXiv Detail & Related papers (2025-01-30T18:02:15Z)
- From #Dr00gtiktok to #harmreduction: Exploring Substance Use Hashtags on TikTok [5.086431084497832]
This paper provides the first in-depth exploration of substance use-related content on TikTok.
We examined more than 2,333 hashtags across 39,509 videos, identified 16 distinct hashtag communities and analyzed their interconnections and thematic content.
Our analysis revealed a highly interconnected small-world network where recovery-focused hashtags like #addiction, #recovery, and #sober serve as central bridges between communities.
arXiv Detail & Related papers (2025-01-27T15:11:16Z)
- S3C2 Summit 2023-11: Industry Secure Supply Chain Summit [60.025314516749205]
This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023.
The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.
arXiv Detail & Related papers (2024-08-29T13:40:06Z)
- Users Feel Guilty: Measurement of Illegal Software Installation Guide Videos on YouTube for Malware Distribution [3.0664883500280986]
This study introduces and examines a sophisticated malware distribution technique that exploits popular video sharing platforms.
In this attack, threat actors distribute malware through deceptive content that promises free versions of premium software and game cheats.
MalTube is particularly insidious because it exploits the guilt feelings of users for engaging in potentially illegal activity.
arXiv Detail & Related papers (2024-07-23T02:32:52Z)
- Can LLMs Deeply Detect Complex Malicious Queries? A Framework for Jailbreaking via Obfuscating Intent [3.380948804946178]
We introduce a new black-box jailbreak attack methodology named IntentObfuscator, exploiting a flaw by obfuscating the true intentions behind user prompts.
We empirically validate the effectiveness of the IntentObfuscator method across several models, including ChatGPT-3.5, ChatGPT-4, Qwen and Baichuan.
We extend our validation to diverse types of sensitive content like graphic violence, racism, sexism, political sensitivity, cybersecurity threats, and criminal skills.
arXiv Detail & Related papers (2024-05-06T17:26:34Z)
- Stop Stealing My Data: Sanitizing Stego Channels in 3D Printing Design Files [56.96539046813698]
Steganographic channels can allow additional data to be embedded within the STL files without changing the printed model.
This paper addresses this security threat by designing and evaluating a sanitizer that erases hidden content where steganographic channels might exist.
arXiv Detail & Related papers (2024-04-07T23:28:35Z)
- Detecting Suspicious Commenter Mob Behaviors on YouTube Using Graph2Vec [1.1371889042789218]
This paper presents a social network analysis-based methodology for detecting suspicious commenter mob-like behaviors among YouTube channels.
The method aims to characterize channels based on the level of such behavior and identify common patterns across them.
The analysis revealed significant similarities among the channels, shedding light on the prevalence of suspicious commenter behavior.
arXiv Detail & Related papers (2023-11-09T23:49:29Z)
- The Conspiracy Money Machine: Uncovering Telegram's Conspiracy Channels and their Profit Model [50.80312055220701]
We discover that conspiracy channels can be clustered into four distinct communities comprising over 17,000 channels.
We find conspiracy theorists leverage e-commerce platforms to sell questionable products or lucratively promote them through affiliate links.
We conclude that this business involves hundreds of thousands of donors and generates a turnover of almost $66 million.
arXiv Detail & Related papers (2023-10-24T16:25:52Z)
- Uncovering the Dark Side of Telegram: Fakes, Clones, Scams, and Conspiracy Movements [67.39353554498636]
We perform a large-scale analysis of Telegram by collecting 35,382 different channels and over 130,000,000 messages.
We find some of the infamous activities also present on privacy-preserving services of the Dark Web, such as carding.
We propose a machine learning model that is able to identify fake channels with an accuracy of 86%.
arXiv Detail & Related papers (2021-11-26T14:53:31Z)
- Quantifying the Vulnerabilities of the Online Public Square to Adversarial Manipulation Tactics [43.98568073610101]
We use a social media model to quantify the impacts of several adversarial manipulation tactics on the quality of content.
We find that the presence of influential accounts, a hallmark of social media, exacerbates the vulnerabilities of online communities to manipulation.
These insights suggest countermeasures that platforms could employ to increase the resilience of social media users to manipulation.
arXiv Detail & Related papers (2019-07-13T21:12:08Z)