Threat actors are increasingly weaponizing the legitimate Telegram Bot API to establish Command and Control (C2) channels and exfiltrate stolen data. This technique is widely adopted across credential phishing campaigns and malware families like Agent Tesla and Pure Logs Stealer, allowing attackers to bypass traditional network defenses by blending malicious traffic with legitimate Telegram communications.