A hacking group called Webworm has been caught deploying sophisticated backdoors named EchoCreep and GraphWorm that exploit legitimate services from Discord and Microsoft's Graph API to avoid detection. By leveraging these trusted platforms for command and control operations, the attackers can blend malicious traffic with normal business communications, making their activities harder to spot by security teams. This tactic highlights a growing trend where cybercriminals abuse legitimate cloud services to maintain persistent access to compromised systems.