Scofield Idehen

Posted on • Originally published at blog.learnhubafrica.org

If You Use Telegram: Read This Now

In August 2025, the tech world was shaken when Telegram’s founder, Pavel Durov, was arrested in France on allegations tied to the misuse of his platform. Everyone was shocked. For years, Telegram branded itself as the go-to app for secure, encrypted, and censorship-resistant conversations, attracting nearly a billion global users from political activists to everyday people who simply wanted privacy.

But privacy is a double-edged sword. While Telegram has given millions a safe space to communicate beyond government reach, its very features (end-to-end encryption, anonymous accounts, and bot integration) have also turned it into a fertile ground for cybercriminals, scammers, and even nation-state hackers.

The app isn’t just a messenger anymore; it’s a marketplace, a dark web alternative, and a battlefield for digital warfare. From sophisticated malware campaigns to simple but devastating social engineering scams, hackers are exploiting Telegram’s popularity at scale.

If you are an active user, you have probably come across one Telegram scam or another. Whether or not you have fallen victim, the scams are becoming more sophisticated, and some now bypass the user entirely.

With over 900 million users, Telegram is proving that popularity comes at a cost. Hackers, scammers, and even state-sponsored groups have turned the app into a prime hunting ground. From Android zero-day exploits to social engineering scams, the platform has faced one of its most dangerous years yet.

So let’s break down some of the scams and hacks currently alive and what you should do immediately after reading this.

1. EvilLoader

The most alarming Telegram exploit of 2025 so far is EvilLoader, a critical zero-day vulnerability that remains unpatched in Telegram for Android (v11.7.4).

The attack disguises malicious APKs as innocent video clips shared in chats. When a victim taps the file, Telegram prompts them to “open externally.” Instead of playing a video, the malware installs silently on the device, thereby gaining access to files, messages, and even financial apps.

Because Telegram has yet to fix this flaw, millions of users remain at risk. Cybercriminals are actively selling EvilLoader kits on underground forums, making this one of the biggest ongoing Telegram emergencies in 2025.

Security Tip: Never install or run files from Telegram chats unless they come from a source you personally trust.
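The disguise described above works because the file name says "video" while the content does not. The following added example (not code from the original post or from Telegram) shows how a defender can compare an attachment's claimed extension with its leading bytes; the file names and sample bytes are constructed, and the check also flags other non-video content such as HTML.

```python
import io
import os
import zipfile

VIDEO_EXTS = {".mp4", ".mov", ".mkv", ".webm", ".avi", ".3gp"}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data[4:8] == b"ftyp":
        return "mp4-family video"
    if data.startswith(b"\x1a\x45\xdf\xa3"):
        return "matroska/webm video"
    if data.startswith(b"RIFF") and data[8:12] == b"AVI ":
        return "avi video"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = set(archive.namelist())
        except zipfile.BadZipFile:
            return "zip archive (unreadable)"
        # An APK is a ZIP that carries a manifest and compiled Dalvik code.
        if {"AndroidManifest.xml", "classes.dex"} <= names:
            return "android package (apk)"
        return "zip archive"
    if data[:256].lstrip().lower().startswith((b"<!doctype html", b"<html")):
        return "html document"
    return "unrecognised"

def check_attachment(name: str, data: bytes) -> dict:
    """Flag a file whose name claims video but whose bytes are not video."""
    ext = os.path.splitext(name)[1].lower()
    kind = sniff(data)
    suspicious = ext in VIDEO_EXTS and not kind.endswith("video")
    return {"name": name, "claimed": ext, "actual": kind, "suspicious": suspicious}

def constructed_apk() -> bytes:
    """Constructed stand-in: a ZIP with APK-shaped entries and dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"placeholder")
        archive.writestr("classes.dex", b"placeholder")
    return buf.getvalue()

CONSTRUCTED_MP4 = b"\x00\x00\x00\x18ftypisom" + b"\x00" * 16

if __name__ == "__main__":
    for name, data in [("holiday.mp4", CONSTRUCTED_MP4), ("funny_clip.mp4", constructed_apk())]:
        print(check_attachment(name, data))
```

A file with a video extension that the check cannot recognise is also reported as suspicious, so expect some noise from uncommon containers.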

2. Telegram Name Scam

In April 2025, LearnHub Africa exposed a fast-growing scam: the Telegram Name Scam.
Scammers exploit the hype around rare Telegram usernames, short handles, and “premium” names that can be traded or sold through platforms like Fragment. Victims are lured into “selling” or “buying” usernames but are tricked into handing over their accounts entirely.

Some scams use phishing links, while others convince users to transfer ownership temporarily, only for the account to be hijacked permanently. In many cases, scammers then demand a ransom for the return.

Unlike technical hacks, this scam relies on social engineering, manipulating human trust and greed.

Security Tip: Never transfer your Telegram username or respond to unsolicited offers. Treat your handle as securely as your password.

3. Lazarus Group’s Telegram Malware Campaign

The notorious North Korean Lazarus Group expanded its cyberwarfare tactics in 2025, and Telegram is now part of its arsenal.

Security researchers found that Lazarus-linked malware families were using Telegram channels for command-and-control (C2). This means infected devices communicated with Telegram bots or channels to receive instructions and exfiltrate stolen data.

The group’s targets include:

  • Crypto investors
  • Fintech workers
  • High-value business professionals

Lazarus has been tied to billion-dollar heists in the past, and its adoption of Telegram makes detection and takedown efforts even harder.

Security Tip: If you handle crypto or sensitive data, use separate devices and regularly scan for malware.

4. Telegram Bots Weaponized by Hackers (PXA Stealer)

A Vietnamese-speaking hacking group leveraged Telegram bots to automate widespread data theft in 2025.

Their method:

  • Victims were tricked into downloading fake “Word” or “PDF reader” apps.
  • The apps carried PXA Stealer, a malware that harvested passwords, cookies, and credit cards.
  • Stolen data was funneled straight into Telegram bot channels, giving attackers instant access.
  • The credentials were resold using underground services like Sherlock and Daisy Cloud.

This hack shows how criminals weaponize Telegram’s own bot framework for industrial-scale cybercrime.
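Both this campaign and the Lazarus C2 use in section 3 leave the same network trace: a non-messenger process on a workstation calling the Telegram Bot API. The following added example (not from the original post) runs that detection over a constructed proxy log; the log format, host names, and process names are assumptions, and seeing the URL path requires a TLS-inspecting proxy or endpoint telemetry.

```python
import re
from collections import defaultdict

# Bot API calls look like https://api.telegram.org/bot<id>:<secret>/<method>
BOT_CALL = re.compile(r"https://api\.telegram\.org/bot(\d+):[\w-]+/(\w+)")
UPLOAD_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}  # carry data out
POLL_METHODS = {"getUpdates"}                                 # fetch instructions

# Constructed proxy log, one request per line: time host process url bytes_out
SAMPLE_LOG = """\
2025-01-01T10:00:01Z build-01 alertbot.py https://api.telegram.org/bot111111:CONSTRUCTED-secret-a/sendMessage 412
2025-01-01T10:02:10Z ws-042 PDFReader.exe https://api.telegram.org/bot222222:CONSTRUCTED-secret-b/getUpdates 210
2025-01-01T10:02:14Z ws-042 PDFReader.exe https://api.telegram.org/bot222222:CONSTRUCTED-secret-b/sendDocument 1843200
2025-01-01T10:02:19Z ws-042 PDFReader.exe https://api.telegram.org/bot222222:CONSTRUCTED-secret-b/sendDocument 922000
2025-01-01T10:03:00Z ws-017 chrome.exe https://web.telegram.org/a/ 300
"""

def find_bot_traffic(log_text, approved_hosts):
    """Group Bot API calls by (host, process, bot id); report unapproved hosts."""
    stats = defaultdict(lambda: {"calls": 0, "bytes_out": 0, "methods": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        _, host, process, url, bytes_out = parts
        match = BOT_CALL.match(url)
        if not match:
            continue  # ordinary Telegram client or web traffic is not a bot call
        bot_id, method = match.groups()  # the secret half of the token is dropped
        entry = stats[(host, process, bot_id)]
        entry["calls"] += 1
        entry["bytes_out"] += int(bytes_out)
        entry["methods"].add(method)

    findings = []
    for (host, process, bot_id), entry in sorted(stats.items()):
        if host in approved_hosts:
            continue
        findings.append({
            "host": host, "process": process, "bot_id": bot_id,
            "calls": entry["calls"], "bytes_out": entry["bytes_out"],
            "polls": bool(entry["methods"] & POLL_METHODS),
            "uploads": bool(entry["methods"] & UPLOAD_METHODS),
        })
    return findings

if __name__ == "__main__":
    for finding in find_bot_traffic(SAMPLE_LOG, approved_hosts={"build-01"}):
        print(finding)
```

The numeric bot id in a finding is worth keeping: it identifies the receiving bot when reporting it to Telegram, while the secret half of the token never leaves the log.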

5. Hikka Userbot Exploit (CVE-2025-52571)

In January 2025, researchers disclosed a major flaw in the Hikka Telegram userbot—a tool used by communities for automation.

Versions below 1.6.2 contained a vulnerability that allowed unauthenticated attackers to:

  • Hijack the userbot
  • Take over the linked Telegram account
  • Gain control of the server running it

This meant that anyone running outdated Hikka bots had unknowingly given hackers the keys to their accounts and servers.

Security Tip: If you use Telegram bots, keep them updated or shut them down if you don’t absolutely need them.

6. Criminal Channels Selling Malware & Phishing Kits

A 2025 academic study of 339 criminal Telegram channels revealed that Telegram has become a thriving black market for cybercrime:

  • 28% of shared links led to phishing websites.
  • 38% of executable files contained malware.
  • Criminals promoted their “products” with discounts, giveaways, and even customer support.

Telegram isn’t just being attacked; it’s also a hub for attackers to trade tools and recruit accomplices.

7. 16 Billion Credentials Exposed

In June 2025, researchers discovered one of the largest leaks of login credentials ever: 16 billion usernames and passwords, stolen by infostealer malware.

Among them were countless Telegram accounts. Attackers could log into victims’ accounts directly—especially if two-factor authentication (2FA) wasn’t enabled.

This wasn’t a Telegram-specific hack but highlights how third-party breaches put Telegram users at risk.

Security Tip: Enable two-step verification in Telegram’s settings. Without it, your account is one stolen password away from takeover.

8. Animated Sticker Vulnerabilities Across Platforms

In February 2025, researchers from Shielder uncovered that even animated stickers could be weaponized.

Exploiting Telegram’s rendering system, malicious stickers could gain unauthorized access to media files in encrypted chats. This cross-platform flaw affected Android, iOS, and macOS clients.

While Telegram patched the bug, it was a chilling reminder that even fun features like stickers can carry hidden risks.

9. SIM-Swap Hijack: The Fall of VChK-OGPU Channel

In April 2025, one of Russia’s largest independent Telegram channels, VChK-OGPU, with over 1 million subscribers, was hijacked and deleted.

Hackers reportedly performed a SIM-swap attack, cloning the phone number linked to the account. Once inside, they seized control and wiped the channel entirely.

For high-profile accounts, SIM hijacking remains one of the biggest threats on Telegram, since phone numbers are still tied to verification.

Security Tip: Request SIM-swap protection from your carrier or use an eSIM where available.

10. ShinyHunters’ Extortion Campaign via Telegram

The infamous hacker collective ShinyHunters used Telegram in a high-stakes extortion scheme against the UK’s Legal Aid Agency in 2025.

They stole over two million sensitive records and threatened to leak them unless demands were met. Telegram channels became the group’s platform of choice to publicize threats and communicate ransom details.

Even though the data wasn’t released after the deadline, this case highlighted how Telegram doubles as a tool for cyber blackmail.

Social Engineering

While technical exploits grab headlines, social engineering scams are the most dangerous. They bypass firewalls and updates by targeting human psychology.

1. Impersonation Scams
In one extreme case, a crypto investor lost 783 BTC ($91 million) after being tricked by attackers impersonating hardware wallet and exchange support staff. The same tactics appear on Telegram, where scammers pose as insiders or “admins.”

2. Scam Bots
Reddit users warn of bots that phish OTPs, CVVs, and PINs directly in Telegram. Victims are tricked into clicking and entering details in seconds.

3. Personalized Deception
Scammers now use first names and tailored greetings to seem credible. One Redditor noted:

“Telegram scammer mentioned my first name… profile setup looked real enough.”
Takeaway: If it feels personal, it’s engineered.

Key Takeaways in 2025

  • Technical exploits (EvilLoader, Hikka, sticker flaws) expose vulnerabilities in the app itself.
  • Social engineering (Telegram Name Scam) proves humans are still the weakest link.
  • Nation-state actors (Lazarus Group) show how Telegram is part of global cyberwarfare.
  • Criminal marketplaces thrive openly in Telegram channels.
  • SIM-swaps and extortion demonstrate risks for both individuals and organizations.

How to Protect Yourself Right Now

  • Enable 2FA in Telegram → Settings → Privacy & Security → Two-Step Verification.
  • Update frequently to patch vulnerabilities.
  • Beware of links, files, and stickers from unknown contacts.
  • Avoid username trades or “premium handle” offers.
  • Use unique passwords with a password manager.
  • Protect your SIM by asking your carrier about SIM-swap locks.
  • Stay informed—scammers evolve faster than platforms can patch.

Conclusion

Telegram’s growth has made it a global powerhouse, but 2025 proves it’s also a global target. From Lazarus Group’s cyber-espionage campaigns to everyday scams like the Telegram Name Scam, the threats are escalating in both scale and creativity.

The lesson is clear: Telegram is not invincible. Security is not guaranteed; it’s something every user must actively protect.

If you’re on Telegram in 2025, the time to act is now. Update, enable 2FA, and stay vigilant because hackers are moving faster than ever.


Top comments (7)

Montegasppα Cacilhας

My question is: why isn’t Mark Zuckerberg arrested for the same reason?

Scofield Idehen

Because when you play by the rules set by the system, you are covered. Nothing is white and black.

Montegasppα Cacilhας

That’s the most naïve answer I ever read.

USA billionaires don’t play by the rules, they define the rules. And the rules change as it goes according to their conveniences.

Scofield Idehen

Billionaires or politicians?

Montegasppα Cacilhας • Edited

That’s another common mistake: politicians work for billionaires.

It’s usually named “lobby,” but their influence goes far beyond lobby.

Scofield Idehen

I watched the recent dinner of tech billionaires with Trump, and I realized that money does not fully equate power, but Political power does.

Elon Musk is a clear example: no matter how you spin it, without the political leverage you can be discarded.

Montegasppα Cacilhας • Edited

Sorry… are you really this naïve or are you trying to troll me?

Or perhaps we didn’t see the same dinner…

What I saw was a group of very smart billionaires flattering an idiot to convince him that he wants what actually they want.

And remember: Trump himself is sitting in the White House not due to his great achievements. He’s there ’cause, as a billionaire by his own, he paid the right people to be there.

Or you really think your elections are fair?