By SecureWorld News Team
Sat | Jul 15, 2017 | 4:45 AM PDT

The tool is becoming popular amongst cyber criminals on the dark web, and is able to bypass Telegram's encryption.

Naked Security explains:

Earlier this year, Russian cybercriminals started hawking around a new $500 (£385) tool called “Katyusha Scanner” that automates searching for and exploiting SQL injection (SQLi) vulnerabilities on websites.

Sad to report, it’s proved popular in the underground, say the researchers who discovered it for sale, requiring paying customers to do little more than configure a server running the open-source Arachni web application scanner, normally a tool for pen-testing good guys.

So far, none of this is terribly newsworthy. Using vulnerability application scanners in this way has been around for years, while SQL injection has been at the top of the OWASP Top 10 worry list since its earliest days.
