Criminals Use Malware as Messaging Bots to Steal Data
Criminals are using malicious bots to steal information from victims via the popular Telegram and Discord messaging services, said a report this week. Some bots can be rented for as little as $25 a day.
The bot-based malware steals credentials, including virtual private network (VPN) client logins, payment card information, cryptocurrency wallets, operating system data, passwords and Microsoft Windows product keys, said security company Intel 471. The malware can also steal session cookies, and everything it collects is sent via a bot that talks directly to these messaging platforms.
The company found criminals using the messaging apps as command and control mechanisms. In a blog post this week, it said it had observed information stealers on both platforms using the bot functionality, which lets software automatically send messages from a computer over these channels.
One malware strain, Blitzed Grabber, uses a feature called webhooks in Discord. A webhook is an automated message that a computer sends when triggered by an event.
Another malware bot, called X-Files, allows its criminal owners to control it inside the Telegram messaging app. They can send commands to the bot via Telegram, directing it to steal data and send it to a Telegram channel they choose.
Bots often steal information from browsers. Some bots also use the Telegram network to steal one-time password (OTP) tokens and SMS verification codes, the company said.
The messaging apps that these bot-based malware strains target have a large consumer audience. Some strains use the messaging apps to relay data from consumer-only apps such as the children’s online gaming platform Roblox and Microsoft’s Minecraft 3D world.
Nevertheless, malware exploiting these apps could form the initial stage of a targeted attack against an enterprise, Intel 471 said. Some businesses do use Telegram and Discord for communications, and in any case, employees might install Telegram or Discord on their machines for personal use.
The criminals are also using the messaging channels’ own networks to host and distribute their malware, according to the Intel 471 analysis. Discord runs its own content distribution network, which attackers use to host malware files, giving them a reputable domain for distribution.
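A defender's view of the channels described above, as an added example that is not from Intel 471 or the original article: it flags proxy-log requests to Discord webhook endpoints, the Telegram Bot API, and executable downloads from Discord's CDN, and redacts tokens in the alert. The log format, host and process names, and the allowlist are constructed assumptions; the URL patterns follow the services' public endpoint formats.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines: time, host, process, method, URL (tokens are placeholders).
SAMPLE_LOG = """\
2024-01-01T09:14:02Z ws-114 chrome.exe GET https://discord.com/channels/@me
2024-01-01T09:15:11Z ws-207 svchost32.exe POST https://discord.com/api/webhooks/000000000000000000/EXAMPLE_TOKEN
2024-01-01T09:16:45Z ws-207 svchost32.exe GET https://cdn.discordapp.com/attachments/1/2/update.exe
2024-01-01T09:17:03Z ws-311 viewer.exe POST https://api.telegram.org/botEXAMPLE_TOKEN/sendDocument
2024-01-01T09:18:20Z ws-311 chrome.exe GET https://web.telegram.org/k/
2024-01-01T09:19:00Z ws-114 chrome.exe GET https://cdn.discordapp.com/attachments/1/2/cat.png
2024-01-01T09:20:30Z build-01 ci-notify.exe POST https://discord.com/api/webhooks/000000000000000001/EXAMPLE_TOKEN
"""

DISCORD_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/[^/?]+")
BOT_API_PATH = re.compile(r"^/bot[^/]+/(\w+)")
RISKY_EXT = (".exe", ".dll", ".scr", ".msi", ".bat", ".ps1", ".vbs", ".js")

def classify(url):
    """Return (rule, redacted_detail) if the URL matches a bot channel, else None."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path
    if host in DISCORD_HOSTS and (m := WEBHOOK_PATH.match(path)):
        return "discord_webhook", f"webhook id {m.group(1)} (token redacted)"
    if host == "api.telegram.org" and (m := BOT_API_PATH.match(path)):
        return "telegram_bot_api", f"method {m.group(1)} (token redacted)"
    if (host == "cdn.discordapp.com" and path.startswith("/attachments/")
            and path.lower().endswith(RISKY_EXT)):
        return "discord_cdn_executable", path.rsplit("/", 1)[-1]
    return None

def scan(log_text, approved=frozenset()):
    """Return alerts (host, process, rule, detail); skip approved (process, rule) pairs."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line: skip rather than crash
        _, host, process, _method, url = fields
        hit = classify(url)
        if hit and (process.lower(), hit[0]) not in approved:
            alerts.append((host, process, *hit))
    return alerts

if __name__ == "__main__":
    # Hypothetical allowlist: a CI notifier that legitimately posts to a webhook.
    for alert in scan(SAMPLE_LOG, approved={("ci-notify.exe", "discord_webhook")}):
        print(alert)
```

The allowlist is keyed on process and rule together, so an approved notifier posting to a webhook does not also excuse that process fetching executables from the CDN.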