DEV Community

Cover image for 5 Levels of Telegram Spam Your Anti-Spam Bot Isn't Catching
Alexey Leshchenko
Alexey Leshchenko

Posted on

5 Levels of Telegram Spam Your Anti-Spam Bot Isn't Catching

#telegram #spam #cybersecurity #ai

Telegram spam has evolved far beyond the "Hi, I'm a hot girl, check my channel" messages most group admins are used to. In 2025-2026, spam operations have become sophisticated enough to bypass the vast majority of popular anti-spam bots.

Over the past year of running @ai_spam_blocker_bot — an AI-powered anti-spam bot that moderates 100+ Telegram groups — we've observed five distinct levels of spam sophistication.

Here's what they are and how to think about each one.

Level 1: Naked Spam (The Easy Catch)

How most bots handle it: Trivially — this is what they were designed for.

This is the spam everyone knows: unsolicited links to crypto exchanges, explicit channels, and "earn $10,000 a day" offers. It's obvious, repetitive, and easy to filter with keyword lists, regex, or simple ML classifiers.

Example:

"Hey guys check out this new crypto signal https://t.me/... It already made me 3 BTC!!!"

Most built-in Telegram filters and entry-level bots handle this well. Nothing new here.

Level 2: Text Masquerading (The First Blind Spot)

How most bots handle it: Inconsistently — regex catches some variants but misses others.

Spammers learned that keyword-based filters can be fooled by modifying the text:

  • Transliteration: "r3g1st3r" (Latin letters replaced with lookalike numbers)
  • Homoglyphs: "g00gle.c0m" (number 0 for letter O)
  • Character substitution: "fr33 m0n3y" (e→3, o→0 numeric substitutions)
  • Space injection: "j o i n m y c h a n n e l"
  • Zero-width characters: Invisible characters inserted between letters

Neural moderation catches these because it works on semantic embeddings, not character-level patterns. A transformer model understands semantic meaning — it sees that "r3g1st3r" has the same intent as "register" regardless of character substitutions.

The catch: Most anti-spam bots still rely on regex and keyword lists. They miss the majority of Level 2 attacks.

Level 3: Social Engineering Bots (The Human Mimic)

How most bots handle it: Poorly — they rely on keyword matching that doesn't apply here.

This is where spammers start using automated accounts that behave like real users. The bot joins a group, waits 2-24 hours, then posts plausible-looking messages.

Common patterns:

  • "Cool channel, thanks for the invite! By the way, does anyone know a good crypto exchange?" (innocent question → gradually introducing spam)
  • "@user you might be interested in this https://..." (replying to real conversations)
  • Asking genuinely relevant questions to a real user, then switching to spam in DMs

Why most bots fail here: Rule-based systems look for spam keywords or posting frequency. A bot that posts 3 innocent messages before the spam link looks completely normal to a keyword filter. The spam link itself might use Level 2 obfuscation too.

Real case: A spam bot joined a 500-member tech group, posted a seemingly innocent comment about Python frameworks, and interested members DM'd the bot for details — the "lucrative freelance offer" led to a crypto drainer. The anti-spam bot at the time only checked public messages — it didn't flag the comment because it contained no spam keywords. The DMs themselves were invisible to it, but the attack started with a public message that should have been caught.

The key insight: the old bot checked public messages — but only with keyword filters. An AI-based bot that analyzes message content and intent would have flagged that same comment as suspicious, even without spam keywords. The difference isn't where the bot looks — it's how it evaluates what it sees. No group-level bot can block DMs, but deleting the initial public comment breaks the attack before anyone ever reaches out.

Level 4: Neurocommenting (LLM-Powered Spam)

How most bots handle it: This requires semantic understanding — most bots don't have it.

This is the current frontier. Spammers use LLMs (GPT, Claude, open-source models) to generate context-aware, grammatically perfect comments that pass as legitimate users.

How it works:

The spam operator sets up a pipeline:

  1. Scrape the target group's recent messages (topic, language, tone)
  2. Feed them to an LLM with a prompt like: "Write a natural-looking comment for a Telegram group about [topic]. Mention [product/service] naturally in the second sentence."
  3. Post the generated comment via a real-looking account

What makes it hard to detect:

  • The text is unique (no duplicates to match against)
  • Grammar and style match the group's conversation
  • No obvious spam keywords — the link is embedded naturally
  • The same message is never reused

Tools fueling this trend: Platforms like PersonymAI and GramGPT offer turnkey neurocommenting services. MangoProxy's guide on Telegram neurocommenting shows just how accessible this has become.

A 2024 study by Kireev et al. (arXiv: 2406.08084, later accepted at USENIX Security '25) showed that LLM-generated spam achieves engagement rates comparable to legitimate promotional content while evading NLP-based classifiers.

How to counter this: The key insight is that LLM-generated text, while semantically coherent, has subtle statistical signatures. Effective detection looks at behavioral signals alongside content — account age, first message patterns, response consistency, and cross-reference with known spam profiles.

Level 5: Multi-Stage Attacks ("Spam Theater")

How most bots handle it: Not at all — no single message looks suspicious.

This is the most sophisticated spam we've seen — a coordinated multi-stage attack that can run for hours or days before the actual spam payload is delivered.

Real case study — Crypto Escrow Spam Theater:

Over several hours in a large Telegram group, the following unfolded:

  1. Act 1 — The Setup: Three accounts (different IPs, different registration dates) join the group at different times. One posts a seemingly innocent question: "Is anyone here familiar with crypto escrow services?"

  2. Act 2 — The Endorsement: 15-20 minutes later, a second account replies with a detailed, technically-sound explanation of crypto escrow, naturally mentioning a specific service name.

  3. Act 3 — Social Proof: A third account replies: "I've used {service} before. Legit. They helped me recover funds from a scam exchange." This looks like genuine peer endorsement — because that's exactly what it's designed to look like.

  4. Act 4 — The Conversion: Over the next hour, 5-7 more accounts "try" the service in the chat, reporting positive results. New members who join the group are DMed by these accounts asking if they need help with crypto escrow.

The entire operation ran for 8 hours, involved 15+ coordinated accounts, and looked completely organic to any observer. Traditional anti-spam tools detected exactly zero of these messages because each individual message was benign.

Why traditional detection fails:

  • No single message contains spam content or links
  • Accounts have realistic profiles (Bio, profile photo, past messages in other groups)
  • Reply threading makes the conversation look organic
  • The spam payload (DM with scam link) happens outside the group — the anti-spam bot only checks public messages, so the DM itself is invisible to any group-level moderation

How to counter Level 5: Cross-message correlation — identifying that multiple accounts are operating in a coordinated pattern. This requires temporal analysis (messages that follow a suspicious sequence), account graph analysis (do these accounts appear together in other groups?), and behavioral profiling (accounts that suddenly change their posting pattern).

Why Most Anti-Spam Bots Stop at Level 2

The vast majority of Telegram anti-spam solutions — regardless of brand — rely on one of three methods: keyword blacklists, regex pattern matching, or captcha gates.

All three are effective against the first two levels but share a fundamental limitation: they operate on surface features of a single message, not on meaning, behavior, or patterns across accounts. A perfectly spelled, context-aware comment that doesn't contain a blacklisted keyword will pass every one of these checks.

AI-based analysis — using transformer models that understand semantic meaning rather than exact text — is currently the only approach that can address Levels 3-5. The tradeoff is computational cost and the complexity of false positive tuning.

The fundamental problem: most mainstream anti-spam bots still rely on architectures from 2022-2023, when Levels 3-5 were rare. In 2025-2026, neurocommenting is offered as a commercial service, and multi-stage attacks are increasingly common for any group with a significant audience.

What Actually Works Against Modern Telegram Spam

After 12+ months of running AI-powered moderation, here's what we've found effective:

1. Neural Content Analysis

A transformer-based model (trained on a curated dataset covering all five spam levels) that:

  • Works on semantic meaning, not keywords
  • Detects paraphrased spam variants
  • Handles transliteration and homoglyphs natively

2. Behavioral Profiling

For every account that joins a group, the system builds a profile:

  • Account age (Telegram's registration_date — available via MTProto API for bots that have it enabled)
  • Response patterns (reply speed, thread joining behavior)
  • Anonymized cross-group signals (does this account appear in known spam groups? — no raw message data is shared between group owners)
  • Anomaly detection (sudden topic changes, unnatural language switching)

3. Probation-Based Moderation

One of the most effective patterns we've implemented: new accounts get a probation period where their messages auto-delete if they match certain risk criteria. This alone catches the majority of Level 3-4 attacks because spam accounts almost never wait out a probation period.

4. Cross-User Correlation

When multiple accounts with correlated join times, similar device fingerprints, and complementary posting patterns appear in the same group, the system flags the entire cluster for review. This is the only effective defense against Level 5 "spam theater" attacks.

5. Edit Re-Check

A common evasion technique: post a benign message, wait for it to pass moderation, then edit it to contain the spam link. The bot re-checks edited messages against the same neural model — a feature most bots don't implement.

The Bottom Line

Telegram spam is rapidly becoming an AI-vs-AI problem. The days when a keyword blacklist and a captcha were sufficient defense are over. Group admins with a significant audience should assume they're being targeted by Levels 3-5 attacks right now — they just don't know it because the messages bypass their current protection.

For a deeper look at real spam case studies (with screenshots), follow @ai_antispam_en — we post technical breakdowns of every new attack pattern we detect.

This article is based on 12+ months of operating @ai_spam_blocker_bot — an AI anti-spam bot for Telegram groups and channels.

Top comments (0)