“Fraudsters typically download HTTP injector files—such as those shared openly on Telegram—then use a special HTTP injectors app to deploy the file,” Rowley said.