Cybercriminals have started to use messaging apps like Discord and Telegram to spread malware. By pairing these platforms with information stealers, they have found ways to host, distribute, and execute various functions that ultimately allow them to steal credentials or other information from unsuspecting users, Intel 471 research shows.

Intel 471 researchers have discovered several information stealers that are freely available for download and rely on Discord or Telegram for their functionality. The stealers can pilfer all types of information, including autofill data, bookmarks, browser cookies, credentials from virtual private network (VPN) clients, payment card information, cryptocurrency wallets, operating system information, passwords, and Microsoft Windows product keys.

Intel 471 researchers have also observed threat actors abusing the cloud infrastructure used by messaging apps to support malware-spreading campaigns. Many threat actors currently use Discord’s content delivery network (CDN) to host malware payloads.

For more information, visit