Leveraging Yara Rules to Hunt for Abused Telegram Accounts
===
:::info
- **Date:** Oct. 29th 15:50-16:30
- **Speaker:** Asaf_Aprozper
- **Category:** CyberCrime - Main Track
> In our talk, we will reveal how we leveraged sophisticated Yara rules to capture Telegram channels, groups, and even bots on the Internet. But that's not all: we’ll show the audience how we built an automated fraud hunting tool, which, upon the insertion of a Telegram API key, will detect whether it’s a bot, channel or group and accordingly will reveal their dark secrets such as C&C servers, Black Markets, and Women Abuse. We will reveal the awful truth about how adversaries are abusing legitimate apps such as Telegram in order to disguise their cybercrime activities from the authorities.
>
> The Telegram messaging app has experienced significant growth, adding hundreds of thousands of new users daily. Fraudsters mainly utilized Telegram groups and channels to organize their communities. This is where fraudsters advertise, connect and share knowledge and compromised information, much like the role forums play on the dark web. Channels, on the other hand, are groups in which only the administrator is authorized to post and regular members have access to view, similar to blogs. Telegram even allows creating multi-functional bots, which are unique Telegram accounts that do not require a phone number to set up. These bots can perform harmless tasks like creating cat memes on demand, accepting payments, or acting as a digital storefront, but could also be leveraged to perform malicious functions. Due to Telegram’s rich feature set and rapid adoption, Telegram has become a sought-after tool on the fraud scene.
:::
###### tags: `CODEBLUE2019`,`CODEBLUE`