- 5 easy ways to transfer photos from your Android device to your Windows PC
- How to get Google's new Pixel 9a for free
- Just installed iOS 18.4? Changing these 3 features made my iPhone much better to use
- 7 strategic insights business and IT leaders need for AI transformation in 2025
- The most underrated robot vacuum I've ever tested is now 60% off
Criminals Use Malware as Messaging Bots to Steal Data
Criminals are using malicious bots to steal information from victims via the popular Telegram and Discord messaging services, said a report this week. Some bots can be rented for as little as $25 a day.
The bot-based malware steals credentials, including virtual private network (VPN) client logins, payment card information, cryptocurrency wallets, operating system data, passwords and Microsoft Windows product keys, said security company Intel 471. They can also steal session cookies – all sent via a bot that talks directly to these messaging platforms.
The company found criminals using the messaging apps as command and control mechanisms. In a blog post this week, it said that it noticed the use of information stealers on both of these platforms using the bot functionality that allows software to automatically send messages from a computer using these channels.
One malware strain, Blitzed Grabber, uses a feature called webhooks in Discord. A webhook is an automated message that a computer sends when triggered by an event.
Another malware bot, called X-Files, allows its criminal owners to control it inside the Telegram messaging app. They can send commands to the bot via Telegram, directing it to steal data and send it to a Telegram channel they choose.
Bots often steal information from browsers. Some bots also use the Telegram network to steal one-time password (OTP) tokens and SMS verification codes, the company said.
The messaging apps that these bot-based malware strains target have a large consumer audience. Some use the apps to relay data from consumer-only apps like the children’s online gaming platform Roblox and Microsoft’s Minecraft 3D world.
Nevertheless, malware exploiting these apps could form the initial stage of a targeted attack against an enterprise, Intel 471 said. Some businesses do use Telegram and Discord for communications, and in any case, employees might install Telegram or Discord on their machines for personal use.
The criminals are also using the messaging channels’ own networks to host and distribute their malware, according to the Intel 471 analysis. Discord runs its own content distribution network, which attackers use to host malware files, giving them a reputable domain for distribution.
