Cybercriminal activity has shifted from obscure forums to plain sight. Today, popular messaging apps are perfect for storing illegally obtained data, sharing malware, and performing other nefarious actions.
Messaging platforms such as Telegram or Discord are popular among internet users because they are functional, easy to use, and fairly secure in terms of private communication. This, however, attracts cybercriminals, who exploit the apps’ functionality for their profits.
Cybercriminal activity on messaging apps has been particularly strong since the whole world has moved to them to fight the ongoing coronavirus pandemic.
Telegram as cybercriminals’ nest
According to research conducted by Intel 471, cybercriminals are taking advantage of the built-in features of messaging apps to achieve their goals. One of these features is Telegram and Discords’ data-storage function, which allows users to store their files on the platforms’ servers.
Cybercriminals have been known to use these data-storage features to store and share stolen information among themselves, as it is much easier than creating their networks. Intel 471 noted that a malicious bot known as X-Files is operating using this feature on Telegram.
The bot spreads across the platform and infects users’ web browsers, such as Chrome, Opera, or Slimjet. It can steal:
- session cookies,
- card information, among others.
Once the bot gathers useful data, it stores it in a previously chosen Telegram channel. Cybercriminals are also using Telegram channels to control the bot – it is as simple as typing a few commands in the chat.
Telegram also acts as a platform for another type of malware – OTP bots. They have been known to steal users’ OTPs (one-time passwords) and SMS verification codes, enabling hackers to access stolen accounts – even those using MFA.
How are criminals using Discord?
Discord, another popular messaging and social networking platform, is not free from cybercriminal activity. In fact, it is being used to store stolen data. Intel 471’s research acknowledged Blitzed Grabber, a program that uses Discord’s built-in Webhooks – a feature designed to send automated messages in text chats without using the Discord application.
Blitzed Grabber uses Webhooks to deposit stolen data, such as:
- browser cookies,
- payment information,
- cryptocurrency wallets.
Other popular stealers are Mercurial Grabber and 44Caliber. These programs mostly target gaming communities, where Discord is popular for communication.
Another example of how cybercriminals use Discord for their profits is the popularity of Discord’s CDN among them. The CDN (Content Delivery Network) is used to distribute static content to users but can be exploited by hackers. Attackers use it to upload malicious files and share them with others. Worse yet, users outside Discord can also download these files and fall victim to cybercriminals.
Black markets in plain sight
Users choose messaging apps like Telegram or Signal because they are the most trustworthy. Their creators boast about encryption and security, which means they are great for everyday communication. However, hackers also take advantage of this privacy factor.
Secure and encrypted chat platforms are unmoderated for obvious reasons. No one wants a ”big brother” to read their messages. Cybercriminals can also use these apps to network, share information and sell stolen data.
Popular messaging apps have, unfortunately, become a black market for those who want to gain customers wishing to purchase some illegal products or information. Secure apps are not easily accessible to authorities, so criminals can use them to distribute stolen documents, login information, or illegal copies of software.
What to do with this knowledge?
Although messaging apps such as Discord have been proved to host some malicious users, we are not saying you should stop using them immediately. Telegram, Signal, WhatsApp, and other applications are useful, and most users do not wish to exploit other people.
We do, however, advise you to remain cautious. How?
- Connect to the internet via a VPN. Even if your favorite app claims to be the most secure on the market, you cannot be safe enough. VPNs create encrypted tunnels protecting your sent and received data. They can also mask your IP address so that no hacker can estimate your location. The best VPN providers offer discounts throughout the year, but there is a special occasion coming up in just a few months. Black Friday is great for testing new things, so if you are unsure about investing in a VPN, use this opportunity to get a Black Friday VPN at a great price.
- Beware of unknown users. Messaging apps are great for meeting new people and making new connections, especially if you participate in group chats on Telegram, Discord, etc. Be careful with new contacts, however. Do not share personal information, such as passwords, real addresses, etc.
- Also, beware of… known users. Remember that some criminals also use social engineering (like phishing) to take advantage of others. If someone says they are your best friend but has forgotten their password, they may not be truthful. Of course, situations like this one sometimes happen, but be careful and pay attention to small details. They might lead you to discover an impersonator.
- Create strong passwords and enable MFA. We stated earlier that bots on popular messaging platforms steal data: passwords, logins, and the like. This is why you should make sure your passwords are strong and unique. If one of your passwords is stolen, it should not allow hackers to log into every account you have ever created. Also, enable Multi-Factor Authentication. Even though some advanced bots can steal OTPs used in MFA, enabling this feature still greatly improves your overall security.