EchoCreep and GraphWorm: the new dynamic duo of cybercrime

Published on May 23, 2026 | Translated from Spanish

A cyberattack campaign uses the EchoCreep and GraphWorm backdoors, deployed through Discord and the Microsoft Graph API. This strategy leverages communication platforms and cloud services to evade detection, demonstrating how artificial intelligence expands attack surfaces. At foro3d.com, we recommend keeping systems updated and exercising extreme caution.

EchoCreep and GraphWorm backdoors infiltrating a corporate server, malicious code flowing from Discord icons and Microsoft Graph API towards a vulnerable control panel, data exfiltration process showing AI gears spinning over a global network map, cinematic technical illustration style, blue and red cyberpunk lighting, metallic server hardware textures, glowing fiber optic cables, deep shadows, security alerts flashing on monitors, floating digital particles like dust, ultra-detailed photorealistic render

The technical mechanics behind cloud evasion 🛡️

EchoCreep installs through malicious links on Discord, while GraphWorm uses the Microsoft Graph API to move laterally and steal data. Both backdoors employ obfuscation techniques and encrypted communication to bypass firewalls and antivirus software. Artificial intelligence enables automating vulnerability discovery and customizing attacks, making traditional defenses insufficient without patches and constant monitoring.

The fun side: even hackers use Discord for coffee breaks ☕

It seems cybercriminals have also jumped on the remote work and video call bandwagon. Now, while you share memes on Discord, they might be sharing your bank password. The worst part is they use the Microsoft Graph API, the same one you use to sync your calendar. Good thing at least they don't ask for a virtual coffee before stealing your data.