Command and Control (C2)
Also known as: C2, C&C, Command-and-control server
Command and control (C2) is the infrastructure attackers use to communicate with malware on infected devices — issuing instructions and receiving stolen data. Infostealers exfiltrate stealer logs to C2 servers or, increasingly, directly to Telegram channels.
What is command and control?
C2 refers to the servers and channels through which malware receives commands and sends back data. For infostealers, the C2 is where harvested credentials, cookies, and files are uploaded after collection.
C2 in the infostealer ecosystem
Many infostealers now use Telegram bots and channels as a lightweight C2 and distribution mechanism, simplifying operations for affiliates. Others use traditional web servers, sometimes hidden via techniques like Vidar's dead-drop resolving.
VantaPrism monitors the Telegram channels widely used as infostealer C2 and distribution, capturing the stolen data as it is exfiltrated.
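A defender-side sketch of how the Telegram-based C2 described above can be surfaced in endpoint network telemetry: it flags any process outside an approved list that connects to the Telegram Bot API host. This is an added example, not code from VantaPrism or the original page. The CSV field names, the approved path, the byte threshold and the sample events are assumptions constructed for illustration.

```python
import csv
from pathlib import PureWindowsPath

# Bots are driven through https://api.telegram.org/bot<token>/<method>.
BOT_API_HOST = "api.telegram.org"
# Assumption: the only binary approved to call the Bot API (hypothetical alerting tool).
APPROVED_IMAGES = {r"c:\program files\opsnotifier\notifier.exe"}
# Assumption: bytes sent at or above this size count as a bulk upload.
UPLOAD_BYTES = 100_000

# Constructed process network events (CSV), not real telemetry.
SAMPLE_EVENTS = r"""ts,host,image,dest,bytes_out
2024-05-01T09:14:02Z,WS-014,C:\Program Files\OpsNotifier\notifier.exe,api.telegram.org,2048
2024-05-01T09:20:41Z,WS-014,C:\Users\a\AppData\Local\Temp\setup.exe,api.telegram.org,734003
2024-05-01T09:21:10Z,WS-022,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,API.Telegram.org.,912
2024-05-01T09:23:37Z,WS-040,C:\Users\c\AppData\Local\Temp\notifier.exe,api.telegram.org,1500
2024-05-01T09:25:00Z,WS-031,C:\Users\b\Downloads\tool.exe,example.org,900000
"""


def find_bot_api_traffic(lines):
    """Return findings for unapproved processes talking to the Bot API host."""
    findings = []
    for row in csv.DictReader(lines):
        # Normalise case and a trailing root dot before comparing hostnames.
        dest = row["dest"].strip().lower().rstrip(".")
        if dest != BOT_API_HOST:
            continue
        image = row["image"].strip()
        # Match on the full path: a file name alone is trivially copied.
        if image.lower() in APPROVED_IMAGES:
            continue
        sent = int(row["bytes_out"])
        findings.append({
            "ts": row["ts"],
            "host": row["host"],
            "process": PureWindowsPath(image).name.lower(),
            "bytes_out": sent,
            # A large upload is consistent with a stealer log being sent out.
            "severity": "high" if sent >= UPLOAD_BYTES else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_bot_api_traffic(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Because the traffic is TLS-encrypted, the Bot API path and token are not visible without inspection, so the check relies on destination hostname and process attribution only.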
Frequently Asked Questions
Where do infostealers send stolen data?
Related Terms
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…
Vidar is a long-running infostealer, derived from the older Arkei stealer, that collects browser credentials, cookies…
A log cloud is a subscription service — usually run through Telegram channels or dark-web panels — that gives crimina…