Malware that exploits Discord bots appears




'Discord' and 'Telegram', which support both voice chat and text chat, offer far more than a plain messaging app, and users can also add programs called 'bots' to them. Bots let users play music, run simple games and automate other tasks. Malware that abuses the bots of such messaging apps has now appeared and is drawing attention.

How cybercriminals are using messaging apps to launch… | Intel471
https://intel471.com/blog/cybercrime-telegram-discord-automation-chatbots

Messaging Apps Tapped as Platform for Cybercriminal Activity | Threatpost
https://threatpost.com/messaging-apps-cybercriminals/180303/

Cyber security company Intel 471 has discovered cybercriminals using messaging apps to spread their own malware. According to Intel 471, the cybercriminals use Discord and Telegram bots carrying information-stealing malware (infostealers) to steal user credentials.

Analysts at Intel 471 have found infostealers hidden inside free bots distributed on Discord or Telegram. One of these infostealers, 'Blitzed Grabber', uses Discord's 'Webhook' feature to store stolen data. Webhooks let cybercriminals send automated messages and data updates from the victim's machine to a specific messaging channel. In other words, with webhooks cybercriminals can keep receiving intercepted information via Discord or move stolen credentials to another device.

Infostealers including Blitzed Grabber can steal a wide range of information: auto-fill data, bookmarks, browser cookies, VPN client credentials, credit card information, cryptocurrency wallets, OS information, passwords, Windows product keys and more. In addition, some infostealers such as Blitzed Grabber, Mercurial Grabber and 44 Caliber also steal credentials for popular games such as Minecraft and Roblox.



Another Telegram-specific malware bot discovered by Intel 471 is The X-Files. When this malware infects a victim's machine, it steals passwords, session cookies, login information and credit card information from multiple browsers, including Google Chrome, Chromium, Opera, Slimjet and Vivaldi, and sends that information to a Telegram channel chosen by the cybercriminals.

Yet another infostealer, Prynt Stealer, works the same way as The X-Files but does not use Telegram commands.



Intel 471 has also found that the cybercriminals who abuse these infostealers exploit the cloud infrastructure used by messaging apps to spread malware. In particular, many cybercriminals use Discord's content delivery network (CDN) to host malware payloads.

The technique of using Discord's CDN to host malware payloads was first detected by Intel 471's malware investigation system in early 2019 and has since been abused by a variety of cybercriminals. Moreover, cybercriminals appear to face no obvious restrictions when uploading malicious payloads to Discord's CDN.

The malware confirmed to be abusing Discord's CDN is as follows.

・ Private Loader
・ Discoloader
・ Colibri
・ Warzone RAT
・ Modi loader
・ Raccoon stealer
・ Smokeloader
・ Amadey
・ Agent Tesla stealer
・ GuLoader
・ Autohotkey
・ NjRAT
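The three abuse channels described above (webhook POSTs that carry stolen data to a Discord channel, Telegram bot API calls used by bots such as The X-Files, and malware payloads fetched from Discord's CDN) all leave a distinctive URL in outbound web traffic. As an added example, not part of the original article or of Intel 471's research, the following Python script scans proxy log lines for those URL shapes and reports suspicious requests. The log format, IP addresses, channel IDs and tokens are constructed for the example; the hostnames and URL patterns are Discord's and Telegram's public API formats.

```python
import re
from typing import Optional

# Regexes for the public URL shapes of the three channels the article describes.
# The hostnames are the real Discord/Telegram API and CDN hosts; the IDs and
# tokens in the sample log below are constructed placeholders, not real values.
DISCORD_WEBHOOK = re.compile(
    r"^https://(?:discord|discordapp)\.com/api/webhooks/\d+/[A-Za-z0-9_-]+")
TELEGRAM_BOT_API = re.compile(
    r"^https://api\.telegram\.org/bot\d+:[A-Za-z0-9_-]+/(\w+)")
DISCORD_CDN = re.compile(
    r"^https://cdn\.discordapp\.com/attachments/\d+/\d+/([^?#\s]+)")

# Attachment types a chat client rarely fetches; an endpoint downloading one of
# these from the CDN deserves a second look.
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".msi", ".bat", ".ps1", ".vbs", ".jar")

# Constructed log format: timestamp, client IP, method, URL, bytes sent, "user agent"
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) "(.*)"$')


def classify(method: str, url: str) -> Optional[str]:
    """Return a finding label for one request, or None if it looks benign."""
    if DISCORD_WEBHOOK.match(url) and method.upper() == "POST":
        # A workstation posting to a webhook URL: data leaving the host for a channel
        return "discord-webhook-post"
    m = TELEGRAM_BOT_API.match(url)
    if m:
        # sendMessage/sendDocument push data into a chat; other methods such as
        # getUpdates are how a bot polls for its operator's commands
        if m.group(1) in ("sendMessage", "sendDocument"):
            return "telegram-bot-send"
        return "telegram-bot-api"
    m = DISCORD_CDN.match(url)
    if m and m.group(1).lower().endswith(EXECUTABLE_EXTS):
        return "discord-cdn-executable-download"
    return None


def scan_log(lines):
    """Parse proxy log lines and return one finding dict per suspicious request."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        ts, src, method, url, nbytes, ua = m.groups()
        label = classify(method, url)
        if label:
            findings.append({"time": ts, "src": src, "label": label,
                             "url": url, "bytes": int(nbytes), "ua": ua})
    return findings


# Constructed sample proxy log (not real traffic); IDs and tokens are placeholders.
SAMPLE_LOG = [
    '2024-05-01T10:00:03Z 10.0.0.5 GET https://discord.com/channels/1111/2222 512 "Discord/1.0"',
    '2024-05-01T10:02:11Z 10.0.0.5 POST https://discord.com/api/webhooks/123456789012345678/PLACEHOLDER_TOKEN 18432 "python-requests/2.31"',
    '2024-05-01T10:02:40Z 10.0.0.7 POST https://api.telegram.org/bot000000000:PLACEHOLDER/sendDocument 9216 "Mozilla/5.0"',
    '2024-05-01T10:03:02Z 10.0.0.7 GET https://api.telegram.org/bot000000000:PLACEHOLDER/getUpdates 128 "Mozilla/5.0"',
    '2024-05-01T10:05:19Z 10.0.0.9 GET https://cdn.discordapp.com/attachments/1111/3333/installer.exe 204800 "Mozilla/5.0"',
    '2024-05-01T10:05:25Z 10.0.0.9 GET https://cdn.discordapp.com/attachments/1111/4444/photo.png 40960 "Discord/1.0"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['src']} {f['label']} {f['bytes']}B {f['url']}")
```

Webhook URLs and the Telegram bot API are also used by legitimate integrations, so in practice these labels are triage hints rather than verdicts: the user agent and bytes-sent fields are kept in each finding precisely so an analyst can separate a scripted client posting kilobytes of data from a known integration.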

Intel 471 has previously observed an increase in services that use Telegram bots to intercept one-time password (OTP) tokens. Malicious actors sell these OTP interception bots on cybercriminal forums.

Analysts at Intel 471 also observed another bot, called 'Astro OTP', in April 2022. Astro OTP allows its operators to intercept OTPs and short message service (SMS) authorization codes, and cybercriminals can control the bot directly through Telegram's interface.

These bots are sold for about $25 (about 3,400 yen) for a day's use and about $300 (about 41,000 yen) for lifetime use.



An infostealer that only steals information does not cause as much damage as malware such as ransomware, but it can well be the first step in a targeted attack on a company. Messaging apps like Discord and Telegram are not primarily used for business, but their popularity is growing steadily, as is remote work. As a result, the number of targets available to cybercriminals has clearly increased dramatically over the past few years. Intel 471 fears that this situation will become a place for low-level cybercriminals to hone their skills and a hotbed for further cybercrime.

in Software, Security, Posted by logu_ii