Criminals Use Malware as Messaging Bots to Steal Data
Criminals are using malicious bots to steal information from victims via the popular Telegram and Discord messaging services, said a report this week. Some bots can be rented for as little as $25 a day.
The bot-based malware steals credentials, including virtual private network (VPN) client logins, payment card information, cryptocurrency wallets, operating system data, passwords and Microsoft Windows product keys, said security company Intel 471. It can also steal session cookies, with everything sent via a bot that talks directly to these messaging platforms.
The company found criminals using the messaging apps as command and control mechanisms. In a blog post this week, it said that it had noticed information stealers on both platforms using the bot functionality, which allows software to automatically send messages from a computer over these channels.
One malware strain, Blitzed Grabber, uses a feature called webhooks in Discord. A webhook is an automated message that a computer sends when triggered by an event.
Another malware bot, called X-Files, allows its criminal owners to control it inside the Telegram messaging app. They can send commands to the bot via Telegram, directing it to steal data and send it to a Telegram channel they choose.
Bots often steal information from browsers. Some bots also use the Telegram network to steal one-time password (OTP) tokens and SMS verification codes, the company said.
The messaging apps that these bot-based malware strains target have a large consumer audience. Some strains use the messaging apps to relay data from consumer-only apps like the children’s online gaming platform Roblox and Microsoft’s Minecraft 3D world.
Nevertheless, malware exploiting these apps could form the initial stage of a targeted attack against an enterprise, Intel 471 said. Some businesses do use Telegram and Discord for communications, and in any case, employees might install Telegram or Discord on their machines for personal use.
The criminals are also using the messaging channels’ own networks to host and distribute their malware, according to the Intel 471 analysis. Discord runs its own content distribution network, which attackers use to host malware files, giving them a reputable domain for distribution.
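For defenders, the three channels described above (Discord webhooks, the Telegram bot interface and Discord's content distribution network) have recognizable URL shapes in web proxy or EDR network logs. The following is an added example, not code from the article or from Intel 471; the five-field log format, the process allowlist and the file-extension list are assumptions to adapt locally.

```python
import re
from urllib.parse import urlsplit

# (label, host, path pattern) for the channels the article names.
RULES = [
    ("discord_webhook", "discord.com", re.compile(r"^/api(?:/v\d+)?/webhooks/\d+/")),
    ("telegram_bot_api", "api.telegram.org", re.compile(r"^/bot\d+:[^/]+/")),
    ("discord_cdn_binary", "cdn.discordapp.com",
     re.compile(r"^/attachments/\d+/\d+/[^/]+\.(?:exe|dll|scr|msi|ps1|bat)$", re.I)),
]
# Assumption: processes a site expects to reach these services; tune locally.
EXPECTED = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
SECRET = re.compile(r"(/webhooks/\d+/|/bot\d+:)[^/]+")  # token part of a URL

def classify(url):
    """Return the rule label for a URL, or None if no rule matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for label, rule_host, pattern in RULES:
        if host == rule_host and pattern.search(parts.path):
            return label
    return None

def scan(lines):
    """Return (host, process, label, redacted_url) for requests worth review.
    CDN binary downloads are flagged for every process; API traffic is
    flagged only when the calling process is not in EXPECTED."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _ts, host, process, _method, url = fields
        label = classify(url)
        expected = label != "discord_cdn_binary" and process.lower() in EXPECTED
        if label is None or expected:
            continue
        findings.append((host, process, label, SECRET.sub(r"\1<redacted>", url)))
    return findings

# Constructed sample records: timestamp host process method url
SAMPLE = [
    "2024-01-01T10:00:00Z ws-014 invoice.exe POST https://discord.com/api/webhooks/111111/EXAMPLE-TOKEN",
    "2024-01-01T10:00:05Z ws-014 chrome.exe GET https://cdn.discordapp.com/attachments/1/2/cat.png",
    "2024-01-01T10:01:00Z ws-022 updater.exe POST https://api.telegram.org/bot123456:EXAMPLETOKEN/sendDocument",
    "2024-01-01T10:02:00Z ws-031 chrome.exe GET https://cdn.discordapp.com/attachments/10/20/setup.exe",
    "2024-01-01T10:03:00Z ws-031 Discord.exe POST https://discord.com/api/v10/webhooks/222222/EXAMPLE-TOKEN",
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Process names can be spoofed, so the allowlist only reduces noise; the findings redact webhook and bot tokens so they can be pasted into a ticket without spreading the secret.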