Vladimir S. | Officer's Notes|May 12, 2026 03:23
A new update just dropped in Telegram…
The Business Bots feature (which lets you link a script to your personal account for auto-replies) is now completely free.
Before, you needed Telegram Premium for it. Now it’s available to everyone - and that opens up some very interesting (and potentially shady) possibilities.
Picture this: You’re sitting in a bar, you go take a leak and leave your unlocked phone on the table for just 10 seconds. That’s more than enough time for someone to hack you - without needing any vulnerabilities at all.
An attacker (your new “buddy,” jealous wife, coworker, or a honeypot girl) grabs your phone, goes into the Telegram Business settings, and binds a pre-prepared bot to your account.
You come back, pick up your phone, and suspect nothing. All your chats look completely normal, no bot notifications anywhere.
BUT! If a specially prepared new contact messages you (or if the bot initiates the conversation itself), the bot instantly intercepts the message. The bot lives on Telegram’s servers, so even if you turn off your phone, pull out the SIM card, and close all active sessions, it will keep reading your messages and processing triggers - because it has a direct API token to your account.
There is also another brilliant bug with scheduled messages. The hacker sends a message to themselves from your phone with the parameter “Send when the contact comes online,” then immediately deletes the chat on your side. Your interface looks perfectly clean. But when the condition triggers, Telegram’s servers still push the delivery event.
The takeaway is simple: An unlocked smartphone in someone else’s hands for longer than 10 seconds is already a compromised device.
It wouldn’t hurt to go check right now:
Settings → Telegram Business → Chat Bots
and make sure there’s no suspicious bot hanging there quietly forwarding all your data to someone.(Vladimir S. | Officer's Notes)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink