Cybercriminals use messaging apps to steal data and spread malware

The shift to remote working has boosted the popularity of messaging apps, in particular those like Discord and Telegram which have underlying elements that allow users to create and share programs or other types of content that's used inside the platform.

But research from Intel471 shows cybercriminals are finding ways to use these platforms to host, distribute, and execute functions that ultimately allow them to steal credentials or other information from unsuspecting users.

Researchers have discovered several information stealers that are freely available for download and that rely on Discord or Telegram for their functionality. One, known as Blitzed Grabber, works like an API, using Discord's webhooks feature as a way to store data that is exfiltrated through the malware.

Threat actors are also using Discord's content delivery network (CDN) to host malware payloads. Intel471's intelligence collection systems first spotted this technique in 2019, but a variety of threat actors are still using it.

Automation in messaging apps means a lower bar to entry for malicious actors, and the increased popularity of the apps also presents cybercriminals with a wider attack surface. This provides an opportunity for low-level cybercriminals to improve their skills, build relationships and maybe pivot to further, more sophisticated, crimes in the future.

You can read more about the attacks and how they work on the Intel471 blog.

Image credit: Rawpixel / depositphotos