How Cybercriminals Use Messaging Apps to Launch Malware

Today, many people have all but forgotten about SMS and regular calls; messaging apps, or messengers, are at the peak of their popularity.

Many of these applications offer a single function: messaging. Discord and Telegram, however, go beyond the basics and let users create content inside the platform that is accessible to other users, and share it quickly and easily.

In addition, such messengers allow anyone to create bots on their platform that perform many tasks for the user, making everyday use considerably simpler.

Cybercriminals have figured out how to turn this to their advantage and steal the data of any user of these messengers.

In this article, we will tell you exactly what they came up with and how to protect yourself from it.


Storage for stolen data

Recently, several programs were discovered that cybercriminals use to steal users' personal information via Discord and Telegram.

Messaging apps are in danger

One of these stealers, known as Blitzed Grabber, uses Discord's webhooks feature to store the data exfiltrated by the malware.

Webhooks provide an easy way to automatically post messages and data from the victim's computer to a specific channel. Once the stolen information lands in Discord, the attackers can use it to further their own schemes or sell the stolen credentials on the cybercrime underground.

Such programs can steal any type of data: cookies, credentials, bookmarks, autofill entries, VPN data, passwords, and much more.

Some of the grabbers, including Blitzed Grabber, Mercurial Grabber and 44Caliber, also target credentials for the Minecraft and Roblox gaming platforms.

A bot that does the same thing in Telegram is known as X-Files. Its functionality is accessed through bot commands inside Telegram. Once the malware is installed on the victim's system, attackers can collect passwords, session cookies, login credentials and credit card details and send them to the Telegram channel of their choice.

The bot can also access information stored in the user's browser.

Another program, known as Prynt Stealer, functions similarly but does not have Telegram commands built in.


Hiding in the host

Cybersecurity experts have long been monitoring threat actors abusing the cloud infrastructure used by messaging applications to support malware distribution campaigns. 

Many of them use Discord's content delivery network (CDN) to host malware payloads. This technique was first reported back in 2019, yet it remains very popular.

Protect your data

Malware operators appear to face no restrictions when uploading malicious payloads to the Discord CDN. The resulting links are accessible to anyone without authentication, which gives threat actors a high-reputation web domain from which to serve their payloads.
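Both the webhook exfiltration described in the section above and the CDN hosting described here leave a recognisable footprint in outbound proxy logs. The following is an added example, not code from the article or from any of the tools it names: it scans constructed sample log lines for POSTs to Discord webhook URLs, calls to the Telegram Bot API with an embedded bot token, and downloads of executable content from the Discord CDN, masking the tokens in the resulting alerts. The log format, host names and process names are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log lines (not real traffic): timestamp host process method URL
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ws-17 chrome.exe GET https://discord.com/api/v9/users/@me
2024-05-01T10:00:04Z ws-17 svchost.exe POST https://discord.com/api/webhooks/123456789012345678/AbCdEfGhIjKlMnOpQrStUvWxYz
2024-05-01T10:00:09Z ws-22 updater.exe GET https://cdn.discordapp.com/attachments/111/222/setup.exe
2024-05-01T10:00:15Z ws-09 powershell.exe POST https://api.telegram.org/bot1234567890:AAExampleTokenValue/sendDocument
2024-05-01T10:00:20Z ws-09 chrome.exe GET https://cdn.discordapp.com/attachments/111/333/photo.png
"""

# URL shapes that the stealers described in the article rely on.
WEBHOOK_RE = re.compile(r"https://(?:discord|discordapp)\.com/api/webhooks/\d+/([\w-]+)")
TG_BOT_RE = re.compile(r"https://api\.telegram\.org/bot(\d+:[\w-]+)/(send\w+)")
CDN_RE = re.compile(r"https://cdn\.discordapp\.com/attachments/\d+/\d+/([^\s?]+)")
RISKY_EXT = (".exe", ".dll", ".scr", ".bat", ".ps1", ".js", ".vbs", ".msi", ".zip")

@dataclass
class Finding:
    host: str
    process: str
    reason: str
    url: str  # secret masked so the alert itself does not leak the token

def mask(url: str, secret: str) -> str:
    """Keep only the first four characters of a webhook or bot token."""
    return url.replace(secret, secret[:4] + "...")

def analyse(log_text: str) -> list[Finding]:
    """Flag webhook exfiltration, Telegram Bot API exfiltration and executable
    downloads from the Discord CDN in the constructed log format above."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, host, proc, method, url = line.split(maxsplit=4)
        if method == "POST" and (m := WEBHOOK_RE.search(url)):
            # Webhooks are meant for server-side integrations; an endpoint posting to one is suspect.
            findings.append(Finding(host, proc, "POST to Discord webhook", mask(url, m.group(1))))
        elif method == "POST" and (m := TG_BOT_RE.search(url)):
            # The official Telegram client does not use the HTTP Bot API with an embedded token.
            findings.append(Finding(host, proc, f"Telegram Bot API {m.group(2)}", mask(url, m.group(1))))
        elif (m := CDN_RE.search(url)) and m.group(1).lower().endswith(RISKY_EXT):
            findings.append(Finding(host, proc, f"executable content from Discord CDN ({m.group(1)})", url))
    return findings

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.host} {f.process}: {f.reason} -> {f.url}")
```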


OTP bots are still functioning

A few years ago, bots that could intercept one-time password (OTP) tokens were popular on Telegram. Recent research shows that such bots are still operating.

The bot discovered this year is named Astra OTP. It allows the operator to receive the target's confirmation codes and SMS messages. The operator could allegedly control the bot directly through the Telegram interface by issuing simple commands.

The bot is cheap and affordable: a one-day subscription can be purchased for about $25, and unlimited access costs approximately $300.

How to protect yourself from such bots

Almost imperceptibly, automation and the growth of platforms for communication and data transfer have become a major technological breakthrough. But as these platforms develop, so do the techniques for hacking and data theft.

It is therefore worth keeping security measures in mind so that you do not put yourself at risk and lose your data.

The best solution would be to abandon popular and insecure messengers in favour of Utopia P2P, a decentralized and private network with built-in tools for messaging, file transfer, browsing and more. The full version of the ecosystem is available on PC, and a beta version of the messenger is already available on Android.

So, if you care about the security and reliability of your data, choose only the best solutions.


