WaveStealer Malware Delivered Via Telegram & Discord Messaging Platforms

Cybersecurity experts have identified a new malware, dubbed WaveStealer, that is being actively distributed through popular messaging platforms Telegram and Discord.

This sophisticated malware, which masquerades as video game installers, poses a significant threat to users by targeting their sensitive data.

How WaveStealer Operates

WaveStealer is not just another malware but an infostealer designed to extract sensitive information from compromised systems.

According to a report from Broadcom, once a device is infected, WaveStealer can access web browsers, cryptocurrency wallets, and credit card numbers.

It also targets data associated with the platforms it uses for its distribution: Telegram and Discord.

Enhanced Data Exfiltration Techniques

Adding to its potency, WaveStealer can capture screenshots from the infected devices.

This feature allows it to record sensitive information that may not be captured through keystrokes or traditional data theft methods.

WaveStealer is distributed primarily through digital platforms that are widely used for communication and social interaction.

By disguising itself as a video game installer, it preys on the unsuspecting users of Telegram and Discord, platforms known for their vibrant gaming communities.

Remarkably, WaveStealer is relatively low-cost to purchase on the dark web, making it accessible to a wide range of cybercriminals, not just the highly skilled ones.

This accessibility increases the potential spread and impact of WaveStealer, making it a formidable threat to digital security.

File-based Identification

  • Infostealer
  • Trojan.Gen.MBT
  • Trojan.Malscript!inf
  • WS.Malware.1

Network-based Detection

  • Audit: Connection to file.io
  • Attack: Webpulse Bad Reputation Domain Request
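
The "Connection to file.io" audit signal above can also be hunted for in web-proxy logs. The following is an added example, not code from the Broadcom report or from any vendor product; the log format, host names and byte counts are constructed, and a match is an audit-level lead for triage rather than a verdict.

```python
from collections import defaultdict
from urllib.parse import urlsplit

WATCHED_DOMAIN = "file.io"  # the only network indicator the article names

# Constructed sample proxy log: timestamp, client host, method, URL, bytes sent.
SAMPLE_LOG = """\
2024-05-02T10:14:03Z WS-0142 GET https://store.example.com/game/setup.exe 512
2024-05-02T10:15:41Z WS-0142 POST https://file.io/ 4831220
2024-05-02T10:15:59Z WS-0142 POST https://www.file.io/ 1207331
2024-05-02T10:16:10Z WS-0077 GET https://profile.io/user/42 301
2024-05-02T10:16:32Z WS-0077 GET https://file.io.example.net/a 288
2024-05-02T10:17:05Z WS-0210 GET https://FILE.IO:443/abc123 190
malformed line
"""


def is_watched(url, domain=WATCHED_DOMAIN):
    """True when the URL's host is the domain itself or one of its subdomains."""
    # urlsplit().hostname is lower-cased and has the port stripped.
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Exact or dot-anchored suffix match, so "profile.io" and
    # "file.io.example.net" do not produce false hits.
    return host == domain or host.endswith("." + domain)


def audit_file_io(log_text):
    """Return {client: {"requests": n, "bytes_sent": total}} for file.io traffic."""
    hits = defaultdict(lambda: {"requests": 0, "bytes_sent": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip lines that do not match the constructed format
        _ts, client, _method, url, sent = fields
        if is_watched(url):
            hits[client]["requests"] += 1
            hits[client]["bytes_sent"] += int(sent)
    return dict(hits)


if __name__ == "__main__":
    for client, stats in sorted(audit_file_io(SAMPLE_LOG).items()):
        print(f"AUDIT {client}: {stats['requests']} request(s) to "
              f"{WATCHED_DOMAIN}, {stats['bytes_sent']} bytes sent")
```

Hosts that appear in the output are candidates for review alongside endpoint detections such as those listed under File-based Identification.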

Web-based Security

Observed domains and IPs associated with WaveStealer are covered under security categories in all WebPulse-enabled products.

Users are advised to remain vigilant and cautious when downloading files from unknown sources, especially on platforms like Telegram and Discord.

Installing robust antivirus software, such as that offered by Symantec, and keeping it up to date can significantly reduce the risk of infection.

Telegram and Discord communities are encouraged to spread awareness about this new malware threat.

By informing each other about the dangers of downloading suspicious files and promoting safe browsing practices, users can help safeguard the entire community.

As cyber threats evolve, staying informed and prepared is the best defense against malware like WaveStealer.

Users should take proactive steps to protect their digital environments with advanced security solutions and practice cautious online behavior.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.