Why discord is used for malware logs or c&c? (2fa verification problem)

[3c2n90yt57489t3y8794]

Hello, why are discord webhook used for malware communications? Discord traffic is encrypted so it's not easy to distinguish from normal discord traffic by antiviruses but discord could close the account and also discord requests 2fa sms often. So how discord 2fa is managed by malware administrators without spending money (for vps or sms verification)? If you use tor or vpn, you'll get 2fa requests. Are there other ways?

 

[3c2n90yt57489t3y8794]

no

 

[DoKitO]

Hello, why are discord webhook used for malware communications? Discord traffic is encrypted so it's not easy to distinguish from normal discord traffic by antiviruses but discord could close the account and also discord requests 2fa sms often. So how discord 2fa is managed by malware administrators without spending money (for vps or sms verification)? If you use tor or vpn, you'll get 2fa requests. Are there other ways?

They usually dont use 2fa (except for normal login 2fa 1 time), also using discord for c2 on big operation is the worst opsec error you can prob make.
Discord doesnt gives a fuck about small stuff

 

[3c2n90yt57489t3y8794]

They usually dont use 2fa (except for normal login 2fa 1 time), also using discord for c2 on big operation is the worst opsec error you can prob make.
Discord doesnt gives a fuck about small stuff

Thanks, very interesting. What are the best options for ~free to get logs from an infostealer in a small operation? Considering I'd use everything inside torbrowser. I was looking for a free clearnet webmail usable in tor with smtp servers availabe to users, the problem is that every service doesn't work under an onion ip (due to complex 2fa). The only option seems to buy an sms service, but I'd like to not spend money for now.

Long story short: I developed an infostealer for windows in C for almost all browsers (using winapi only), it's my first time and I'm not sure about what method should I use to withdraw logs. I don't want to spend money and I want to stay in a torbrowser (or equivalent anonimity and security: tails/whonix).

 

[DoKitO]

Thanks, very interesting. What are the best options for ~free to get logs from an infostealer in a small operation? Considering I'd use everything inside torbrowser. I was looking for a free clearnet webmail usable in tor with smtp servers availabe to users, the problem is that every service doesn't work under an onion ip (due to complex 2fa). The only option seems to buy an sms service, but I'd like to not spend money for now.

Long story short: I developed an infostealer for windows in C for almost all browsers (using winapi only), it's my first time and I'm not sure about what method should I use to withdraw logs. I don't want to spend money and I want to stay in a torbrowser (or equivalent anonimity and security: tails/whonix).

You can Use FTP with the Tor socks, make Sure to give users right rights (Stealer User shouldnt be able to as example read/delete stuff)

 

[3c2n90yt57489t3y8794]

You can Use FTP with the Tor socks, make Sure to give users right rights (Stealer User shouldnt be able to as example read/delete stuff)

Do you know free services you can suggest where there is a ftp server available? Maybe some free hosting or something like that

 

[DoKitO]

Do you know free services you can suggest where there is a ftp server available? Maybe some free hosting or something like that

There are some free ftp hosters with 2gb you can find them easily