Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Cybercriminals Exploit Telegram for Selling Bank Mule Accounts

Cybercriminals Exploit Telegram for Selling Bank Mule Accounts

Posted on May 25, 2026 By CWS

Cybercriminals are leveraging Telegram channels to openly market verified bank accounts, fintech wallets, and cryptocurrency exchanges, thus streamlining money laundering into a highly organized criminal operation. This underground marketplace has evolved from informal recruitment to a professional network, offering tiered pricing, customer support, and guarantees for account replacements, making illicit financial activities more accessible.

Structure of the Underground Market

Funds circulating through these networks primarily originate from phishing, ransomware, Business Email Compromise scams, and investment fraud. In the United States, approximately 0.3% of all financial accounts are suspected to be controlled by mules. These operations exploit stolen identities, AI-generated personas, and hacked credentials to create accounts that pass stringent identity checks at banks and fintech platforms.

To bypass fraud detection, criminals utilize forged documents, deepfake videos, and synthetic identity kits. Once these accounts are operational, they receive illegal funds, which are swiftly transferred across multiple institutions and withdrawn before any detection is possible.

Telegram as a Hub for Mule Services

The KELA Cyber Intelligence Center has identified extensive illicit activities linked to mule networks within Telegram channels, dark web forums, and encrypted messaging groups. In a report shared with Cyber Security News, KELA disclosed that threat actors are openly promoting verified bank accounts, fintech wallets, cryptocurrency exchange accounts, forged identity documents, and comprehensive laundering services on a massive scale.

Telegram has emerged as the primary platform for what is known as Mule-as-a-Service (MaaS), a niche within the broader Fraud-as-a-Service ecosystem. Users can find sellers listing accounts from a variety of banks across the U.S., Latin America, and Europe, with some posts showcasing hundreds of accounts accompanied by customer reviews to vouch for their credibility.

The Role of AI in Evasive Techniques

Artificial intelligence significantly enhances the creation and management of mule accounts. Criminals use advanced language models, deepfake video tools, and platforms like RunwayML to produce realistic facial movements that deceive remote verification systems at financial institutions. Manuals on forums like CrackedTo instruct users on how to exploit AI tools, such as prompting ChatGPT, to simulate natural facial movements required for verification.

AI also facilitates account warming, where bots conduct low-risk transactions, making accounts appear legitimate before funneling illicit funds. Additionally, predictive smurfing algorithms and voice cloning technologies help circumvent Anti-Money Laundering (AML) systems and verification processes.

Countermeasures and Future Implications

To combat these sophisticated threats, KELA advises organizations to actively monitor dark web forums and Telegram channels for emerging MaaS activities. Financial institutions should enhance their identity verification systems to counter deepfake injection attacks, where synthetic video is directly fed into banking applications rather than being shown to a camera. Security teams are encouraged to implement behavioral analytics capable of identifying AI-driven account warming and adaptive smurfing behaviors, which traditional AML systems may overlook.

As cybercriminals continue to refine their methods, it is imperative for financial institutions and security teams to stay vigilant and adopt advanced technologies to detect and prevent these evolving threats.

Cyber Security News Tags:AI, bank accounts, Cryptocurrency, Cybercrime, dark web, Fintech, Fraud, KELA, money laundering, Telegram

Post navigation

Previous Post: Linux Attack Hides Malicious Payload in Package Installs
Next Post: Russian Hacker Exploits Google Gemini for Crypto Theft

Related Posts

Herodotus Android Banking Malware Takes Full Control Of Device Evading Antivirus Herodotus Android Banking Malware Takes Full Control Of Device Evading Antivirus Cyber Security News
Sophisticated Crypto Clipper Malware Targets USB Drives Sophisticated Crypto Clipper Malware Targets USB Drives Cyber Security News
Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication Cyber Security News
Russian Fake-News Network CopyCop Added 200+ New Websites to Targets US, Canada and France Russian Fake-News Network CopyCop Added 200+ New Websites to Targets US, Canada and France Cyber Security News
Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign Cyber Security News
North Korean Operatives Exploit LinkedIn for Remote Tech Jobs North Korean Operatives Exploit LinkedIn for Remote Tech Jobs Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat
  • GodDamn Ransomware Uses PoisonX to Evade Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat
  • GodDamn Ransomware Uses PoisonX to Evade Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark