Encrypted chat apps are doubling as illegal marketplaces as criminals utilise them to sell illegal goods without fear of content moderation, according to NortonLifeLock.

Encrypted chat apps are gaining popularity worldwide due to their central premise of not sending user data to tech giants. Some popular examples include WhatsApp, Telegram and Signal.

These apps have also been adopted by businesses to securely communicate directly to their users.

Additionally, these apps have been instrumental to subverting authoritarian regimes. For example, Telegram has been used by pro-democracy dissidents to organise protests in Hong Kong, and communicate amongst themselves in Russia, Belarus, Thailand, and Iran.

However, encrypted chat apps are also being used by criminals to sell illegal goods. Because content moderation is, by design, nearly impossible on these apps, they allow for an easy vector for dealers of illicit goods to communicate directly to customers without fear of law enforcement involvement.

NortonLifeLock found a wide variety of illegal goods are being sold on Telegram, including people's personally identifiable information (PII), likely stolen gift cards, fake documents, pirated software, and tools to facilitate cybercrime such as distributed denial-of-service (DDoS) infrastructure.

In recent months, the cybersecurity firm has also found several accounts dedicated to selling “COVID-19 vaccines,” targeting users in a variety of countries including the United States, China, India, Malaysia, and Russia.

Counterfeit Goods

Counterfeit goods are a popular product on Telegram. NortonLifeLock found many accounts and groups dedicated to selling a wide variety of counterfeit goods, including luxury watches and purses, designer clothes, and high-end electronics. For example, users can find a counterfeit Rolex for as little as $69 USD.

COVID-19 Vaccines

In recent months, with people anxious to receive a COVID-19 vaccine, criminals have attempted to take advantage of this stress by selling what they claim are COVID-19 vaccines.

Gift Cards

Cybercriminals often launder ill-gotten gains such as stolen credit cards through the purchase and sale of gift cards. Other times, the gift cards are stolen directly through either a password leak or via vulnerabilities in the gift card provider's website. Those gift cards are then sold at heavily discounted prices.

Fake Documents and Personal Information

Another popular genre of illicit goods on Telegram are fake documents and personal information. Fuelled by major data breaches such as the one at Experian, data brokers have amassed a shocking amount of personal information including social security numbers, addresses, phone number, bank account numbers, and more.

Tools to Facilitate Cyber-Crime

NortonLifeLock observed that cybercriminals are also selling a variety of tools and services, including rental of DDoS infrastructure. It also found accounts marketing cheats for a variety of games and services marketing themselves for users in India, Europe, Russia, the Arab world, and North America.