Cybercriminals are using encrypted messaging service Telegram as a channel for sending stolen credit-card information back to its command-and-control (C2) servers. Card-skimmers typically harvest data from online checkout pages and then send it back to a domain or IP address controlled by the attackers. In this case, the attackers are using a legitimate platform which gives the exfiltrated data the benefit of blending in with normal traffic and being harder to detect, Malwarebytes’ J..r..me Segura said.
Source: https://threatpost.com/magecart-credit-card-skimmer-telegram-c2-channel/158851/