Telegram and Discord Bots Delivering Infostealing Malware

A new report from security vendor Intel471 reveals how cybercriminals are abusing bots already deployed on the messaging apps Discord and Telegram to deliver malware and steal user credentials.

In addition, these actors are targeting the Roblox and Minecraft gaming platforms in similar attacks. Researchers pointed out that Discord's content delivery network (CDN) is actively used for hosting malware because the platform does not restrict the types of files that can be uploaded and served from it.

The report revealed that these file hosting links are accessible to anyone, without authentication, which means a payload uploaded as a chat attachment can be fetched by any infected host that knows the URL. This gives cybercriminals a credible, widely trusted "web domain to host malicious payloads" that is unlikely to be blocked outright by most organisations.

Bots are a legitimate feature of Discord and Telegram: users rely on them to play games, share data, and moderate channels by removing unwanted content. However, Intel471's researchers identified that the same bot functionality can be repurposed for delivering malware.

Malware strains researchers found hosted on Discord's CDN include the pay-per-install (PPI) loaders Discoloader, PrivateLoader and Smokeloader, the Agent Tesla and Raccoon information stealers, AutoHotkey-based scripts, the njRAT remote access trojan, and many more.

Bots Stealing User Info from Systems

Researchers explained that threat actors use trojan malware that abuses the platforms' legitimate bot functionality to exfiltrate information from infected devices and systems. The malware can steal a wide range of information, including the following:

  • Passwords
  • Bookmarks
  • Autofill data
  • Payment card data
  • Cryptocurrency wallets
  • Browser/session cookies
  • Microsoft Windows product keys
  • VPN (virtual private network) client logins

It is worth noting that using bots to spread malware on such platforms is nothing new. A report published last year explained how Telegram bots were being used to steal one-time passwords (OTPs).

When it comes to Discord, there is a plethora of reports from cybersecurity companies explaining how one of the most widely used messenger services in the world is being used to spread malware.

Messaging Apps Have Become Attackers’ C&C Mechanisms

According to Intel471’s report, cybercrooks use messaging apps like Telegram as their Command and…
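The two abuse patterns described above, payloads served from Discord's CDN and command-and-control traffic routed through the Telegram Bot API, both leave traces in ordinary web proxy logs. The script below is an added example written for this article, not code from Intel471's report or from either platform. It flags downloads of executable-type attachments from the Discord CDN hosts and any request to the Telegram Bot API, masking the bot token in its output so a finding can be shared without leaking a usable credential. The log format (timestamp, source IP, method, URL, status) and the sample lines are constructed for the example; the field order and the hosts and extensions watched are assumptions a practitioner would adapt to their own proxy.

```python
"""
Flag Discord CDN payload downloads and Telegram Bot API traffic in proxy logs.

Added example for this article; it is not Intel471's tooling.
Assumed log format (constructed, simplified Squid/Zeek-style line):
    <unix_ts> <src_ip> <method> <url> <status>
"""
import re
from urllib.parse import urlsplit

# Hosts that serve Discord chat attachments without authentication.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}

# Extensions that should rarely be fetched from a chat CDN by a workstation.
PAYLOAD_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".msi", ".bat", ".cmd", ".ps1", ".vbs",
    ".js", ".jar", ".zip", ".rar", ".7z", ".iso",
}

# Discord attachment path layout: /attachments/<channel_id>/<attachment_id>/<filename>
DISCORD_ATTACHMENT_RE = re.compile(r"^/attachments/(\d+)/(\d+)/([^/?#]+)$")

# Telegram Bot API path layout: /bot<bot_id>:<token>/<method>
TELEGRAM_BOT_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]{30,})/([A-Za-z]+)")

# Constructed sample log; the IPs, IDs and token are made up for the example.
SAMPLE_LOG = """\
1681234567.123 10.0.0.12 GET https://cdn.discordapp.com/attachments/98765/4321/holiday.png 200
1681234570.456 10.0.0.12 GET https://cdn.discordapp.com/attachments/98765/4322/invoice_update.exe 200
1681234575.001 10.0.0.15 POST https://api.telegram.org/bot123456789:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/sendDocument 200
1681234580.777 10.0.0.15 GET https://api.telegram.org/bot123456789:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/getUpdates 200
1681234590.000 10.0.0.20 GET https://discord.com/api/v9/users/@me 200
1681234595.000 10.0.0.22 GET https://media.discordapp.net/attachments/111/222/setup.scr?width=1 200
"""


def mask_token(token: str) -> str:
    """Keep only the edges of a bot token so findings do not leak a live credential."""
    return token[:4] + "..." + token[-4:]


def inspect_request(src_ip: str, method: str, url: str):
    """Return a finding dict for a suspicious request, or None if nothing matched."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    if host in DISCORD_CDN_HOSTS:
        m = DISCORD_ATTACHMENT_RE.match(parts.path)
        if m:
            channel_id, _attachment_id, filename = m.groups()
            ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
            if ext in PAYLOAD_EXTENSIONS:
                return {
                    "rule": "discord_cdn_payload",
                    "src_ip": src_ip,
                    "channel_id": channel_id,
                    "filename": filename,
                }
    elif host == "api.telegram.org":
        m = TELEGRAM_BOT_RE.match(parts.path)
        if m:
            bot_id, token, api_method = m.groups()
            # send* methods push data out of the host; getUpdates polls for operator input.
            if api_method.startswith("send"):
                direction = "exfil"
            elif api_method == "getUpdates":
                direction = "c2_poll"
            else:
                direction = "other"
            return {
                "rule": "telegram_bot_api",
                "src_ip": src_ip,
                "bot_id": bot_id,
                "token": mask_token(token),
                "api_method": api_method,
                "direction": direction,
            }
    return None


def scan_log(text: str):
    """Parse log lines in the assumed format and collect findings in file order."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than crash
        ts, src_ip, method, url, _status = fields[:5]
        finding = inspect_request(src_ip, method, url)
        if finding:
            finding["ts"] = ts
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Both domains carry large volumes of legitimate traffic, so these hits are leads for triage rather than verdicts: correlate the source IP with the requesting process (a browser fetching a `.png` is expected, `powershell.exe` fetching a `.exe` from `cdn.discordapp.com` is not), and treat a workstation that both polls `getUpdates` and calls `sendDocument` against the same bot ID as a strong C2 indicator.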