"Discord, Telegram Services Hijacked to Launch Array of Cyberattacks"

As evidenced by ongoing, dangerous campaigns, threat actors have figured out how to use the existing functionality and infrastructure of popular messaging apps such as Telegram and Discord to host and execute a variety of malware. According to Intel 471's security research team, features of these platforms, from bots that enable games and content sharing to robust Content Delivery Networks (CDNs) ideal for hosting malicious files, are helping fuel a surge of new attacks. Most of the time, the malware is used in conjunction with easily obtained info-stealers to prey on unsuspecting users and steal their credentials, auto-filled data, payment card information, and other sensitive information.

Threat actors can use messaging platforms like Telegram and Discord to hide in plain sight, according to John Bambenek, principal threat hunter at Netenrich. Since these applications are widely used, simply blocking them is not an option. In addition, because those platforms are not administered by large teams, they are not staffed to monitor channels and servers for criminal misuse.

Some attackers have found success hosting their malware on CDNs such as Discord's, which, according to the analysts, has no file hosting restrictions. The links are open to all users without authentication, providing threat actors with a highly reputable web domain from which to host malicious payloads. PrivateLoader, Discoloader, Agent Tesla stealer, and Smokeloader are just a few of the malware families the researchers discovered on Discord's CDN.

Although the tactic is not new, the analysts point out Astro OTP, a new threat group actively stealing One-Time-Password (OTP) tokens and SMS message verification codes used for Two-Factor Authentication (2FA) via Telegram bots. The operator allegedly had direct control over the bot via the Telegram interface by issuing simple commands.

This article continues to discuss attackers' use of popular messaging apps and their associated services against users.

Dark Reading reports "Discord, Telegram Services Hijacked to Launch Array of Cyberattacks"

Submitted by Anonymous on