Cybercriminals are using messaging apps to deliver malware

Image by inkdrop via Freepik

Cybercriminals have started to use messaging apps like Discord and Telegram to spread malware. Used in conjunction with information stealers, cybercriminals have found ways to use these platforms to host, distribute, and execute various functions that ultimately allow them to steal credentials or other information from unsuspecting users, Intel 471 research shows.

Intel 471 researchers have discovered several information stealers that are freely available for download that rely on Discord or Telegram for their functionality. The stealers can pilfer all types of information, including autofill data, bookmarks, browser cookies, credentials from virtual private network (VPN) clients, payment card information, cryptocurrency wallets, operating system information, passwords, and Microsoft Windows product keys.

Intel 471 researchers have also observed threat actors abusing the cloud infrastructure used by messaging apps to support malware-spreading campaigns. Many threat actors currently use Discord’s content delivery network (CDN) to host malware payloads.

For more information, visit intel471.com.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.