Popular messaging apps Telegram and Discord attract cybercriminals looking to abuse built-in app features for their advantage.

Threat actors combine legitimate app functionality with malicious software to attack unsuspecting users, researchers at Intel 471, a cyber threat intelligence company, claim.

Several information stealers that rely on Discord and Telegram float around the web, available for download. For example, Blitzed Grabber relies on Discord’s webhooks feature, similar to an application programming interface (API).

“Webhooks provide an easy way to have automated messages and data updates sent from a victim’s machine into a particular messaging channel,” researchers claim.

Info-stealers that rely on legitimate messaging apps can steal a trove of personal data, such as passwords, browser cookies, cryptocurrency wallets, payment card information, and operating system information.

Intel471 researchers noted a Telegram bot called ‘X-Files’ that allows operators to instruct it via command prompts inside Telegram. After the bot infects the victim’s computer with the malware, attackers can scrape Chrome, Opera, and other browsers for anything from passwords to credit card details.

Like ransomware operators, attackers who use Telegram or Discord for nefarious purposes can purchase malware from other developers. Researchers have found that more and more criminals offer Telegram bots that intercept one-time password (OPT) tokens.

One such program, Astro OTP, provided the attackers with the means to get their hands on OTPs and intercept SMS verification codes. The entry-level for anyone willing to use Telegram and Discord bots is set low. Programs similar to Astro OPT can cost as little as $25 for a one-day subscription and $300 for a lifetime deal.

Researchers fear that Telegram and Discord bots allow entry-level cybercriminals to sharpen their skills and get acquainted with the cyber underworld, enticing them to pivot deeper into other criminal ventures.

Discord, Telegram used to spread malware