Magecart groups use Telegram to send stolen payment details from compromised websites back to attackers. The method of exfiltrating the data is done via an instant message sent to a private Telegram channel using an encoded bot ID in the skimmer code. The TTP was first publicly documented by security researcher @AffableKraut in a Twitter thread last week using data from Dutch cybersecurity firm Sansec. The advantage of using Telegram is that threat actors no longer have to bother with setting up separate command-and-control infrastructure to transmit the collected information.
Source: https://thehackernews.com/2020/09/credit-card-telegram-hackers.html