Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Discord. Show all posts
Vulnerabilities and Exploits
Cloudfare Discord Signal User Privacy Vulnerabilities and Exploits

Cloudflare CDN Vulnerability Exposes User Locations on Signal, Discord

 

A threat analyst identified a vulnerability in Cloudflare's content delivery network (CDN) which could expose someone's whereabouts just by sending them an image via platforms such as Signal and Discord. While the attack's geolocation capability is limited for street-level tracking, it can provide enough information to determine a person's regional region and track their activities. 

Daniel's discovery is especially alarming for individuals who are really concerned regarding their privacy, such as journalists, activists, dissidents, and even cybercriminals. This flaw, however, can help investigators by giving them further details about the state or nation where a suspect might be. 

Covert zero-click monitoring

Daniel, a security researcher, found three months ago that Cloudflare speeds up load times by caching media resources at the data centre closest to the user. 

"3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius," explained Daniel. "With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.” 

To carry out the information-disclosure assault, the researcher would transmit a message to an individual including a unique image, such as a screenshot or a profile avatar, stored on Cloudflare's CDN. 

Subsequently, he exploited a flaw in Cloudflare Workers to force queries through specific data centres via a new tool called Cloudflare Teleport. This arbitrary routing is typically prohibited by Cloudflare's default security limitations, which require that each request be routed from the nearest data centre. 

By enumerating cached replies from multiple Cloudflare data centres for the sent image, the researcher was able to map users' geographical locations based on the CDN returning the closest airport code to their data centre.

Furthermore, since many apps, like Signal and Discord, automatically download images for push notifications, an attacker can monitor a target without requiring user engagement, resulting in a zero-click attack. Tracking accuracy extends from 50 to 300 miles, depending on the location and the number of Cloudflare data centers nearby.
Read more »
online games
Cookies Cyber Fraud Discord Email malware online games

Watch Out: Fake Game Invites on Discord Are Stealing Your Personal Data

 



There is a new online scam, where cyber criminals trick people into downloading harmful software under the pretext of beta testing a game. This campaign targets people on platforms such as Discord, email, and even text messages, aiming at stealing personal information and compromising accounts online. 


How does this work?

The scam starts by sending a harmless message. In this case, a user on Discord or elsewhere receives a direct message from a purported game developer claiming to have sent them a new game to play. The user is asked whether they would want to try the supposed game. In most cases, these messages come from compromised accounts, so the request seems all the more real.

If the victim consents, the attacker shares a download link and password to the target so that they can actually access and start downloading the game file. These links are usually Dropbox or even Discord's network because most malware authors upload their creations to an existing, popular platform. But what users download aren't games-these are referred to as information stealers.


What Do These Malware Applications Do?

Once installed, these programs, such as Nova Stealer, Ageo Stealer, or Hexon Stealer, begin extracting sensitive data. This may include: 

1. Saved browser passwords

2. Session cookies for services like Discord or Steam

3. Wallet information for cryptocurrencies

4. Credit card information

6. Two-factor authentication (2FA) backup codes

The Nova Stealer and Ageo Stealer are the new wave called Malware-as-a-Service (MaaS). This enables cybercriminals to rent these tools to conduct attacks. Nova Stealer even leverages a feature called a Discord webhook, allowing it to send information directly to hackers so they could know right away how much data had been stolen and not have to manually check.

Another tool that is used in these scams is the Hexon Stealer. It is a highly dangerous tool since it can gather a wide variety of personal information. Using such information, it hacks into Discord accounts and enables the attackers to send similar fake messages to the contacts of the victim, thereby further spreading the malware. 


Why Do Hackers Target Discord?

The main focus of these attacks is the Discord credentials. When hackers get access to a person's account, they can pretend to be that person, deceive their friends, and expand their network of victims. This cycle of exploitation of trust makes the scam so effective. 


How to Identify Fake Game Websites

Fake download pages are usually built using common web templates. Such sites appear legitimate but host malware. Among them are the following:  

  • dualcorps[.]fr
  • leyamor[.]com 
  • crystalsiege[.]com 
  • mazenugame[.]blogspot.com

These sites are hosted on platforms that are resistant to takedown requests, making it difficult for researchers to shut them down. If one site is removed, attackers can quickly set up a new one. 


How Can You Protect Yourself? 

To keep yourself safe, follow these simple guidelines:

1. Be cautious with unsolicited messages: If someone you don’t know—or even a known contact—sends a download link, verify its authenticity through another platform.  

2. Avoid downloading unknown files: Don’t download or install anything unless you’re certain it’s legitimate.  

3. Use updated security software: An active anti-malware program can block known threats.

4. Be watchful of phony websites: Be on the lookout for amateurism or copy-and-paste designs when viewing suspicious sites.


In the end, this scamming attack is meant to reap a financial reward; it may come in the form of stolen cryptocurrency, credit card information, or other sensitive details. Knowing how this attack works can help you safeguard your data from cybercrime attacks.

Stay informed and be careful—your online safety depends on it.

Read more »
Phishing Attacks
Discord Discord Scam Gaming malware Phishing Attacks

Navigating the Danger Zone: Discord’s Battle Against Malware

Navigating the Danger Zone: Discord’s Battle Against Malware

In a recent six-month investigation, cybersecurity firm Bitdefender discovered a disturbing trend: fraudsters are using Discord, a popular communication platform, to distribute malware and carry out phishing attacks.

The Rise of Malicious Links

The research, in which Bitdefender shows over 50,000 harmful links discovered on Discord, demonstrates the platform's rising vulnerability to cyber threats.

Types of Malicious Links

Malware Distribution: Cybercriminals use Discord to distribute malicious software (malware) to unsuspecting victims. These malware strains can range from spyware and ransomware to keyloggers and remote access Trojans. By enticing users to click on seemingly harmless links, attackers gain unauthorized access to their systems.

Phishing Attacks: Discord is also a playground for phishing campaigns. Scammers create fake login pages or impersonate legitimate services, tricking users into revealing sensitive information such as login credentials, credit card details, or personal data. Phishing links often masquerade as enticing offers or urgent notifications.

Geographical Impact

The study found that users in the United States are particularly targeted, accounting for 16.2% of the threats. However, other countries—such as France, Romania, the United Kingdom, and Germany—are also affected. Cybercriminals cast a wide net, exploiting language barriers and cultural differences to maximize their reach.

Common Scams

One prevalent scam involves promises of free Discord Nitro—a premium subscription service. Users receive messages claiming they’ve won a free upgrade to Discord Nitro, enticing them to click on a link. Unfortunately, these links lead to phishing sites or initiate malware downloads. Users must exercise caution and verify the legitimacy of such offers.

Protecting Yourself

As a Discord user, here are essential steps to safeguard against these threats:
  • Be Skeptical: Treat unsolicited messages with suspicion, especially if they promise freebies or urgent alerts. Verify the sender’s identity before clicking any links.
  • Hover Before You Click: Hover your mouse pointer over a link to preview the URL. If it looks suspicious or doesn’t match the expected destination, avoid clicking.
  • Enable Two-Factor Authentication (2FA): Strengthen your account security by enabling 2FA. This adds an extra layer of protection against unauthorized access.
  • Stay Informed: Keep an eye on security news and updates related to Discord. Awareness is your best defense.
Read more »
Social Media
2FA data security Discord Privacy Social Media

Discord Users' Privacy at Risk as Billions of Messages Sold Online

 

In a concerning breach of privacy, an internet-scraping company, Spy.pet, has been exposed for selling private data from millions of Discord users on a clear web website. The company has been gathering data from Discord since November 2023, with reports indicating the sale of four billion public Discord messages from over 14,000 servers, housing a staggering 627,914,396 users.

How Does This Breach Work?

The term "scraped messages" refers to the method of extracting information from a platform, such as Discord, through automated tools that exploit vulnerabilities in bots or unofficial applications. This breach potentially exposes private chats, server discussions, and direct messages, highlighting a major security flaw in Discord's interaction with third-party services.

Potential Risks Involved

Security experts warn that the leaked data could contain personal information, private media files, financial details, and even sensitive company information. Usernames, real names, and connected accounts may be compromised, posing a risk of identity theft or financial fraud. Moreover, if Discord is used for business communication, the exposure of company secrets could have serious implications.

Operations of Spy.pet

Spy.pet operates as a chat-harvesting platform, collecting user data such as aliases, pronouns, connected accounts, and public messages. To access profiles and archives of conversations, users must purchase credits, priced at $0.01 each with a minimum of 500 credits. Notably, the platform only accepts cryptocurrency payments, excluding Coinbase due to a ban. Despite facing a DDoS attack in February 2024, Spy.pet claims minimal damage.

How To Protect Yourself?

Discord is actively investigating Spy.pet and is committed to safeguarding users' privacy. In the meantime, users are advised to review their Discord privacy settings, change passwords, enable two-factor authentication, and refrain from sharing sensitive information in chats. Any suspected account compromises should be reported to Discord immediately.

What Are The Implications?

Many Discord users may not realise the permanence of their messages, assuming them to be ephemeral in the fast-paced environment of public servers. However, Spy.pet's data compilation service raises concerns about the privacy and security of users' conversations. While private messages are currently presumed secure, the sale of billions of public messages underscores the importance of heightened awareness while engaging in online communication.

The discovery of Spy.pet's actions is a clear signal of how vulnerable online platforms can be and underscores the critical need for strong privacy safeguards. It's crucial for Discord users to stay alert and take active measures to safeguard their personal data in response to this breach. As inquiries progress, the wider impact of this privacy violation on internet security and data protection is a substantial concern that cannot be overlooked.


Read more »
User Security
Discord Downfall devs Epsilon Stealer malware User Security

Hackers Breach Steam Discord Accounts, Launch Malware


On Christmas Day, the popular indie strategy game Slay the Spire's fan expansion, Downfall, was compromised, allowing Epsilon information stealer malware to be distributed over the Steam update system.

Developer Michael Mayhem revealed that the corrupted package is not a mod installed through Steam Workshop, but rather the packed standalone modified version of the original game.

Hackers breached Discord

The hackers took over the Discord and Steam accounts of one of the Downfall devs, giving them access to the mod's Steam account.

Once installed on a compromised system, the malware will gather information from Steam and Discord as well as cookies, saved passwords, and credit card numbers from web browsers (Yandex, Microsoft Edge, Mozilla Firefox, Brave, and Vivaldi).

Additionally, it will search for documents with the phrase "password" in the filenames and for additional credentials, such as Telegram and the local Windows login.

It is recommended that users of Downfall change all significant passwords, particularly those associated with accounts that are not secured by Two-factor authentication ( (2-factor authentification).

The virus would install itself, according to users who received the malicious update, as UnityLibManager in the /AppData/Roaming folder or as a Windows Boot Manager application in the AppData folder.

About Epsilon Stealer

Epsilon Stealer is a trojan that steals information and sells it to other threat actors using Telegram and Discord. It is frequently used to deceive players on Discord into downloading malware under the pretence of paying to test a new game for problems. 

But once the game is installed, malicious software is also launched, allowing it to operate in the background and harvest credit card numbers, passwords, and authentication cookies from users.

Threat actors could sell the stolen data on dark web markets or utilize it to hack other accounts.

Steam strengthens security

Game developers who deploy updates on Steam's usual release branch now need to submit to SMS-based security checks, according to a statement made by Valve in October.

The decision was made in reaction to the growing number of compromised Steamworks accounts that, beginning in late August, were being used to submit dangerous game builds that would infect players with malware.


Read more »
Technology
APT Cyber Fraud Cyberattacks CyberCrime Cybersecurity Discord Malware Threat Technology

Discord's Security Challenge: APTs Enter the Malware Mix

 


APT groups continue to use Discord to spread malware and exfiltrate data, it is being commonly used by hackers to distribute malware and as a platform to steal authentication tokens. Consequently, Discord is serving as a breeding ground for malicious activity. 

Considering a recent report by Trellix, it has been revealed that Discord is now being used by APT (advanced persistent threat) hackers, too, who target critical infrastructure through the platform to steal information. 

Even though cybercrime has grown in magnitude and relevance in recent years, Discord has not been able to implement effective measures. This has prevented Discord from being able to deter cybercrime, deal with the issue decisively or at least limit its potential impact. Online gaming and digital communication have become part of a household name due to Discord. This is a platform that is becoming increasingly popular among gamers, friends, and families for chatting, sharing, and collaborating. 

A lot of people, including millions of people worldwide, use the Discord program as a way to communicate with one another. 

Discord Viruses: What Are They?


The Discord virus is a phrase used to describe a group of malware programs which can be found in the Discord app or distributed through the Discord platform. Discord users are frequently fooled by cybercriminals by the use of various tricks so that their devices can be infected by a virus which will cause devastating effects on the users' devices. 

In Discord, users will most likely find a Remote Access Trojan (RAT), which is one of the most common types of malware. It is most commonly found that hackers spread them by sending links that contain malicious codes, and when they gain administrative rights over a user's device, they can track their activity, steal data and manipulate settings without knowledge. 

In Discord, users can also find RATs, spyware, adware, and other forms of malware that can potentially be installed along with the RAT. These can also be used as part of DDoS attacks as a means to spread viruses further into a user's system. 

Trellix researchers have recently discovered a new sample of malware targeted specifically at crucial Ukrainian infrastructure, which has put the cybersecurity landscape at a pivotal point. The APT activity in Discord has changed significantly in the last few months, as the latest platform to be targeted is the Advanced Persistent Threat (APT). 

There are three ways in which threat actors exploit Discord: they use its content delivery network (CDN) to distribute malware, they modify the Discord client to obtain passwords, and they exploit its webhook mechanism to gain access to the victim's data. This is made possible because Discord's CDN was commonly used to deliver malicious payloads on a victim's PC. 

As these files are sent from the trusted domain 'cdn.discordapp.com', malware operators can avoid detection by anti-virus software. The data from Trellix shows that more than 10,000 malware samples rely on Discord's CDN to load their second-stage payloads on their systems, mostly malware loaders as well as generic loader scripts.

In addition to RedLine stealer, Vidar, AgentTesla, and zgRAT, Discord's CDN also fetched several other payloads through it. There is one method, which is popular among users, to upload files that can later be downloaded, namely Discord’s Content Delivery Network (CDN). There seems to be no complicated method to this attack. 

The perpetrator fabricates a Discord account so that they can transfer a malicious file, which will then be shared discreetly through a private message. This method appears to be quite straightforward. The goal is to make the "second stage" available for download by simply copying and pasting the file's URL into a GET request which then allows it to be downloaded using the link that was handed to the user upon uploading the file.  

Identifying malware on Discord


Antiviruses should be able to detect malicious software including Discord viruses but keep an eye out for any significant changes to how the system works. For instance, pop-ups could indicate that the device has been infected with adware. Often, system performance changes can serve as a signal that something’s up. 

Whether a user's computer starts crashing more frequently, simply slows down, or the browser starts misbehaving, they should check your system for viruses. Outgoing traffic is a little harder to notice but an unexpected increase in data usage or network activity could indicate a malware infection. 

Some types of malware, such as botnets, use your device’s resources to carry out tasks like sending spam or carrying out denial-of-service (DoS) attacks. The usage of Discord by APT groups is a recent development, signalling a new and complex dimension of the threat landscape. 

While APTs may employ Discord for exploration or early-stage activities, they may still rely on more secure methods at later stages. However, general malware poses a different challenge. From trojans to ransomware, they have been using Discord’s capabilities for years, extending the range of business threats. 

To ensure the proper detection of these malicious activities and safeguard systems, monitoring and controlling Discord communications has become essential, even to the extent of blocking them if necessary.
Read more »
User ID
API Cyberattacks CyberCrime Cybersecurity Data Breach Discord Discord Users Technology User ID

Rising Concerns as Discord.io Data Breach Compromises 760,000 Users

 

Although digital companies have multiple data protections in place to safeguard their customers' information, hackers continue to find ways to circumvent them and gain access to sensitive data even though they have multiple data protections in place to safeguard customer data. 

Data breaches have become more common in recent years, despite an increased focus being placed on cybersecurity in recent years. There has been another data breach at Discord.io this time, unfortunately, as the company is now one of the victims of such attacks. Learn about the types of data that hackers have access to as well as what steps are being taken by the company to protect this data. 

There has been a massive data breach at a popular service used to create custom links for Discord channels which allows people to create custom links for their channels. The service has now announced that it will be shutting down operations for the time being. 

A major breach of Discord.io's database occurred on the night of August 14, and large swaths of user data were stolen as a result. Discord announced the breach on Tuesday. As TechRadar reported in its article about the breach, more than 760,000 members of the company had their information compromised by the breach, though the company did not reveal this number in its update.

Discord.io is a third-party service that allows users to create custom invitations to their Discord channels, which can then be shared by the channel owner with their friends and viewers. It is estimated that over 14,000 users have registered on the service's Discord server, which is where most of the community exists. 

As of yesterday, a person named 'Akhirah' has started offering the Discord.io database for sale on the newly launched Breached hacking forums. A threat actor shared four records from the database as proof that he had stolen data. The new Breached forums are being hailed as the rise of a popular cybercrime forum that used to be a place where people would sell and leak data stolen from compromised databases. 

A member's username, email address, billing address (which only a small number of people) and a salted and hashed password (which only a small number of people) were among the most sensitive data that were compromised in the breach. 

Discord.io has officially confirmed that they were breached via a notice posted to their Discord server and website, and has initiated the process of temporarily shutting down its services as a result. As first reported by StackDiary, Discord.io has confirmed the authenticity of the breach. According to a timeline listed on the website for Discord.io, it was only after seeing the post on the hacking forum that they encountered the information about the data breach. 

Immediately after the leaked data was confirmed to be authentic, they shut down their services and cancelled all memberships that had been paid for. A spokesperson for Discord.io says that the person responsible for the breach has not contacted them and has not provided them with any information regarding how the breach occurred. A spokesperson for Akhirah, the seller of the Discord.io database, told BleepingComputer that he had not been in touch with the Discord.io operators before speaking with them.

It is clear from the revealed information about the users that the attacker was able to gather all types of sensitive information from Discord.io. There was data leaked by the company that included sensitive user information, including usernames, Discord IDs, email addresses, billing addresses, salted and hashed passwords, and much other sensitive information. Because Discord.io does not store any information about its users, it cannot confirm whether or not any credit card information was compromised in the attack. 

As part of the data breach, the platform acknowledges that certain information about users, including internal user IDs, avatar details, the status of users, coin balances, API keys, registration dates, last payment dates, and membership expiration dates may have been exposed.  

Currently, Discord.io has announced that it is suspending operations indefinitely due to this attack. There will be a temporary period when Discord.io will not be available during the next few months after the website is launched since it will cease to operate while it is being built. There will be a complete rewrite of the website code, in which it will be implementing a completely new security system, and the code will be completely rewritten, according to the platform. 


Read more »
Security
Cyber Security Data Data Safety Discord Pentagon Safety Security

Pentagon Concludes Review Following Discord Leak, Tightens Controls on Classified Info

 

The Pentagon has completed a comprehensive assessment lasting 45 days to evaluate the military's protocols regarding classified information, following a case where a National Guardsman leaked unnecessary classified information on Discord despite having a top-secret clearance.

The individual involved, Jack Teixeira, held his clearance due to his position as an information technology technician at Otis Air National Guard Base in Massachusetts. However, the fact that he leaked information he did not require prompted Defense Secretary Lloyd Austin to initiate the review. While the review was ordered on April 14, the U.S. Defense Department released its findings and recommendations on Wednesday.

According to investigators from the Defense Department, the vast majority of personnel granted access to classified national security information demonstrate compliance with security policies and understand the criticality of maintaining information security for national security purposes.

"At the same time, the review identified areas where the department should improve its security posture and accountability measures," the Defense Department said in a fact sheet.

The Pentagon said it will "reinforce existing security policies and practices" down to the bottom ranks and update them to reduce "ambiguity" while examining opportunities to tailor training and education to "better address current and evolving security needs," among implementing other recommendations.

"The department is mindful of the need to balance information security with requirement to get the right information to the right people at the right time to enhance our national security," the fact sheet reads.

"As DoD implements the recommendations and associated actions from this review, careful consideration will be given to guard against any 'overcorrection.'"

The Defense Department announced that Secretary Austin has concluded his examination of the findings and subsequently issued instructions to senior military leaders outlining necessary actions to enhance accountability measures in the short and medium term.

In a memorandum, Austin instructed Defense Department leaders to ensure that all personnel are accurately included and accounted for within designated security information technology systems by August 31.

Military leaders who are not part of the intelligence community have been instructed to validate the necessity of their personnel accessing sensitive compartmented information. Furthermore, they must ensure that all individuals with access to such information have a duly completed non-disclosure agreement on file by the end of September.

Austin has directed the Pentagon to establish a centralized tracking system by year-end for sensitive compartmented information facilities and special access program facilities. Additionally, employees working in these facilities must certify their adherence to policies that prohibit the use of personal electronic devices.
Read more »
Video Chat Room
Artificial Intelligence Discord OpenAI Privacy Privacy Policy Video Chat Room

Discord Upgraded Their Privacy Policy

 

Discord has updated its privacy policy, effective on March 27, 2023. The company has added the previously deleted clauses back in as well as built-in tools that make it easier for users to interact with voice and video content, such as the ability to record and send brief audio or video clips.

Additionally, it promoted the Midjourney AI art-generating server and alleged that more than 3 million servers on the entire Discord network feature some sort of AI experience. This was done to position AI as something that is already well-liked on the site.

Many critics have brought up the recent removal of two phrases from Discord's privacy policy: "We generally do not store the contents of video or voice calls or channels" and "We also don't store streaming content when you share your screen." Many responses express concern about AI tools being developed off of works of art and data that have been collected without people's permission.

It looks like Discord is paying attention to customer concerns because it amended its post about the new AI tools to make it clear that even while its tools are connected to OpenAI, OpenAI may not utilize Discord user data to train its general models.

The three tools Discord is releasing are an AI AutoMod, an AI-generated Conversation Summaries, and a machine-learning version of its mascot Clyde.

Clyde has been reduced, and according to Discord, he can answer questions and have lengthy conversations with you and your friends. Clyde is connected to OpenAI. Moreover, it may suggest playlists and begin server threads. According to Discord, Clyde may access and utilize emoticons and GIFs like any Discord user while communicating with other users.

To help human server moderators, Discord introduced the non-OpenAI version of AutoMod last year. According to Discord, since its launch, "AutoMod has automatically banned more than 45 million unwanted messages from servers before they even had a chance to be posted," according to server policies.

The OpenAI version of AutoMod will similarly search for messages that break the rules, but it will do so while bearing in mind the context of a conversation. The server's moderator will receive a message from AutoMod if it believes a user has submitted something that violates the rules.

Anjney asserted that the company respects the intellectual property of others and demands that everyone utilizing Discord do the same. The company takes these worries seriously and has a strict copyright and intellectual property policy.



Read more »
Software Supply Chain
Data Privacy Discord malware PowerRAT PyPI Safety Security Server Software Supply Chain

The PoweRAT Malware Attacks PyPI Users

 

The software supply chain security company Phylum has discovered a malicious assault using the PoweRAT backdoor and an information thief that targets users of the Python Package Index (PyPI). The campaign was initially discovered on December 22, 2022, when PyroLogin, a malicious Python programme made to retrieve code from a remote server and silently execute it, was discovered.

The EasyTimeStamp, Discorder, Discord-dev, Style.py, and PythonStyles packages all had code that was comparable to PyroLogin, and they were all released to PyPI between December 28 and December 31.

The infection chain starts with a setup.py file, which means that the malware is automatically deployed if the malicious packages are installed using Pip. The infection chain involves the execution of numerous scripts and the exploitation of legitimate operating system features.

The execution process was examined by Phylum, who found attempts to avoid static analysis and the usage of obfuscation. While the malicious code is being performed in the background, a message indicating that "dependencies" are being installed is displayed in order to avoid raising the suspicion of the victims.

The infection chain also involves the setup of numerous potentially harmful programs, the placement of malicious code into the Windows starting folder for persistence, and libraries that let the attackers manipulate, monitor, and record mouse and keyboard input.

Once the virus is installed on the victim's computer, it gives the attackers access to sensitive data such as browser cookies and passwords, digital currency wallets, Discord tokens, and Telegram data. A ZIP archive containing the collected data is exfiltrated.

Additionally, the malware tries to download and install Cloudflare. This Cloudflare command-line tunnel client enables attackers to access a Flask app on the victim's machine without changing the firewall, on the victim's computer.

Using the Flask app as a command-and-control (C&C) client, the attackers can run shell commands, download and execute remote files, and even execute arbitrary Python code in addition to extracting information like usernames, IP addresses, and machine specifics.

The malware, which combines the capabilities of an information thief and a remote access trojan (RAT), also has a feature that sends an ongoing stream of screenshots of the victim's screen to the attackers, enabling them to cause mouse clicks and button presses. Phylum named the malware PoweRAT instead of Xrat "because of its early reliance on PowerShell in the attack chain."

Phylum concludes, "This thing is like a RAT on steroids. It has all the basic RAT capabilities built into a nice web GUI with a rudimentary remote desktop capability and a stealer to boot! Even if the attacker fails to establish persistence or fails to get the remote desktop utility working, the stealer portion will still ship off whatever it found.” 
Read more »
Virus Attack
Antivirus Discord Email Hacking Hackers Malicious Apps malware Phishing Attacks Virus Attack

Threats of Discord Virus: Ways to Eliminate it

Discord has gained popularity as a tool for creating communities of interest since the launch of its chat and VoIP services, notably among gamers. Discord can be exploited, though, similar to any other platform that contains user-generated material. 

It was discovered in 2021 that hackers carried out a number of malware attacks targeting Discord. Cybercriminals use various techniques to spread more than 20 different varieties that have been found. Due to Discord's broad customizability possibilities, common users are vulnerable to attacks inside and outside the chat server. Recent security analysis on Discord has uncovered a number of cyberattack scenarios connected to its chat service, which can be quite risky for users.

How does the Discord virus infiltrate the system?

The common phrase used to describe malware programs exchanged using the official Discord app is 'Discord Virus.' To get Discord users to run malicious software, cybercriminals use a variety of tactics, the pirated version of Discord Nitro is also frequently offered by attackers. 

The Discord software has a premium edition called Discord Nitro that is packed with more sophisticated capabilities. It is important to understand that the Discord Nitro app cannot be cracked because the premium features are delivered over the servers and not embedded into the app.

The system does display a few typical signs that point to the existence of Trojan infection:
  • The CPU is abruptly utilized more than normal
  • The system regularly glitches
  • Malicious pop-ups are constantly flooding browser
  • The user is not asked to initiate the opening of a window
  • Redirection to suspicious or unreliable websites
How to Update and Fix Discord

1. Operate discord as an administrator

Running the application with administrative rights may be a simple way to fix the Discord Update Failure problem. You can download and run the most recent Discord update due to this enabling the updater to change your device.

2. Give the update.Exe file a new name

A bug with the application's update.exe file was discovered by Discord's troubleshooters. For the best chance of successfully updating Discord to the most recent version, try renaming this file.

Copy "C: Users Username AppData" without the quotations and put it into the Windows + R keyboard shortcut. The username should be changed to the username for your local account.

3. Avoid using windows defender

The Discord Update occasionally crashes due to conflicts with Windows 10's default antivirus protections. Disabling Windows Defender will allow you to try updating Discord.

4. Disable your antivirus temporarily

Antivirus programs have a reputation for causing problems on computers by obstructing your internet service or preventing services and apps from operating as intended.

Discord can give rise to predatory behaviors like cyberbullying. Additionally, extreme organizations utilize Discord to recruit new members and keep in touch with them. You should take precautions against malicious users on Discord and never give out your personal information to anyone.

While utilizing the service, Discord provides a list of precautions to take in order to avoid spam and hacking. One recommendation is to create secure passwords that are less likely to be hacked. Additionally, individuals can defend themselves by scanning for suspected phishing attempts. 


Read more »
Ransomware
Bot Discord Lofygang Mallicious Packages malware Ransomware

How LofyGang Is Using Discord In A Massive Credential Stealing Attack

 

Checkmarx researchers have mapped out a complex web of criminal activity that all points back to a threat actor known as LofyGang. This group of cybercriminals provides free hacking tools, Discord-related npm packages, and other services to other nefarious actors and Discord users. These tools, packages, and services, however, come with a hidden cost: the theft of users' accounts and credit card credentials. 

The researchers discovered at least 200 malicious npm packages uploaded to the official npm website by various LofyGang sock puppet accounts. These npm packages look like genuine packages that enable users to interact with the Discord API. LofyGang dupes users into installing malicious packages instead of legitimate ones by uploading multiple versions of its packages with different misspellings of popular packages.

In order to give their malicious packages credibility on the npm website, the group also ties their npm packages to active and reputable GitHub repositories. An unsuspecting user who enters a typo while searching for a legitimate package may come across a listing for one of these malicious packages, fail to notice the misspelling, and install the package.

Unfortunately for those who install malicious npm packages, the packages are designed to steal users' account and credit card information. However, rather than containing malicious code directly, these packages rely on secondary packages that contain malicious code. Because malware is hidden in dependencies, the original malicious packages are less likely to be reported as malicious and removed from the npm website.

If one of the malicious dependencies is reported and removed, the threat actor can simply upload a new malicious dependency and push an update to the user's original npm package, instructing it to rely on this new malicious dependency.

LofyGang distributes malicious hacking tools on GitHub in addition to malicious npm packages. The hacking tools, like the npm packages, are usually Discord-related. These programmes also contain malicious dependencies that steal account and credit card information. LofyGang promotes these tools on a variety of platforms, including YouTube, where the group posts tool tutorials.

The LofyGang's Discord server, which has been operational since October 2021, is another avenue for promoting the group's malicious hacking tools. Users can join this Discord server to get assistance with the tools. The server also includes a Discord bot that can grant users a free Discord Nitro subscription using stolen credit card information. 

However, in order to use the bot, users must provide their Discord account credentials, which LofyGang is likely to add to the growing list of credentials stolen by its malicious packages and tools. At the end of the day, Checkmarx's report shows that anyone using LofyGang's packages, tools, and services, whether they realise it or not, is handing over their account and credit card credentials.
Read more »
malware
Discord Fake Website Gaming Community Gaming Malware malware

Hackers Make Fake Cthulhu Website to Distribute Malware


Fake Cthulhu website spreads malware 

Threat actors have made a fake 'Cthulhu World ' play-to-earn community, this includes websites, social accounts, a medium developer site, and Discord groups to spread the Raccoon stealer, AsyncRAT, and Redline password stealing malware on innocent targets.

As play-to-earn communities have risen in popularity, threat actors and scammers constantly attack these new platforms for suspicious activities. 

The same applies to a new malware distribution campaign found by cybersecurity expert "iamdeadlyz", where hackers made an entire project to advertise a fake play-to-earn game known as Cthulhu World.

Hackers promote the fake project 

To publicize the 'project,' hackers send direct messages to users on Twitter asking if they wish to perform a test of their new game. In return of testing and promoting the game, the hackers promise of rewarding in Ethereum. 

When a user visits cthulhu-world.com site (currently down), users are welcomed with a well designed website, it includes information about the project and an interactive map of the game's environment.

But, it is a fake site which is a copy of the original Alchemic World Project, which has warned its users to stay aware of the fake project. Someone made a fake account for our project, and copied the website, and all social media.

Experts say to "stay away"

"STAY AWAY this account and don't follow them. All their assets were stolen from our project," Tweeted Alchemic World. 

The Cthulhu World website is also different in some ways, for instance, when a user clicks the upper right-hand corner arrow on the website, the site brings them to a webpage requesting a "code" to download the "alpha" test of the project.

The hackers then distribute these codes to potential victims as a part of their DM conversations on Twitter. The access code list can be found on the site's source code. 

3 downloaded files contain the malware 

On the basis of the code entered, one of the three files is downloaded from the DropBox. All of these three files will install different malware, which allows the threat actor to pick and choose how they want to attack a particular victim. 

The three malware found by AnyRun installs are Raccoon Stealer, AsyncRAT, and RedLine Stealer.

"As RedLine Stealer and Raccoon Stealer are known to steal cryptocurrency wallets, it is not surprising to find that some victims have already had their wallets cleaned out by this scam," says Bleeping Computer.

 
The Cthulhu World Website is currently shut down, but their Discord is up and running. It isn't clear if users on this Discord are aware that a website is sharing malware, however, few users have full faith that it is a genuine project.

How to protect yourself?

If you visited Cthulhu-world.com and installed any of their softwares, the user should immediately remove any items found and run an antivirus scan on the system right away.

You should also note that these malware infections can steal your cookies, crypto wallets, and saved passwords, you should reset all passwords and make a new wallet to import all the cryptocurrency.

The best way to protect yourself is to reinstall your system from scratch, as these malware infections give full access to an infected computer, and other suspicious malware can be installed.


Read more »
Roblox
Discord Gaming Malware malware Roblox

Malicious PyPI Packages Surface, Attack Discord and Roblox


About PyPI Packages

10 malicious software packages were found in the Python Package Index (PyPI) repository, a week later, many others have come to surface, found by different firms. 

It has become a kind of whack-a-mole drill, taking out malicious codes only to find more taking its place. In the disclosure of last week, Check Point researchers discovered Trojanized packages imitating authentic components, it contained droppers for data stealing malware. 

This compelled Kaspersky researchers to further investigate the open source repository, which resulted in finding two more rogue offerings, known as "pyrequests" and "ultrarequests," that turned out to be one of the most famous popular packages in PyPI (simply known as "requests"). 

How did the attack happen?

Checkpoint says "Pypi has over 612,240 active users, working on 391,325 projects, with 3,664,724 releases.What many users are not aware is the fact that this one liner simple command can put them at an elevated risk. The pip install command triggers a package installation which can include a setup.py script."

The threat actor used a description of authentic "requests" package to fool victims into downloading harmful ones. The description includes false faked stats, saying the package was installed more than 230 million times in a month, having more than 48,000 stars on GitHub. 

The project description also hints towards web pages of legitimate requests package, along with the author's email. All mentions of orginal requests package have been interchanged with the names of malicious ones. 

Attackers target Discord and Roblox

When installed, it results in a W4SP Stealer infection, via which actors can extract Discord tokens, passwords, and saved cookies from browsers in seperate threads. 

Whereas, experts at Snyk earlier this week released findings about around 12 malicious PyPI packages that steal Discord and Roblox users' login credentials and payment details. Kyle Suero, Snyk's leading researcher, the malware also tries to steal Google Chrome data or pilfer passwords and bookmarks from Windows systems, pivoting through all the accounts. 

"Another interesting thing about this malware is that it is actually using Discord resources to distribute executables. Although this practice is not new, seeing cdn.discord.com tipped off our security researchers. The binaries are pulled down to the host via the Discord CDN," says Snyk.

The malicious packages have been wiped out from PyPI, but they don't have any idea about the number of times they were downloaded prior to that. Code repository attacks keep rising, as per ReversingLabs, attacks on npm and PyPI have collectively spiked from 259 in 2018 to 1,010 in 2021 — a 290% increase. 

"If we keep ignoring the core problem, that is trusting the code, we can't handle software supply chain security," says Tomislav Peričin, co-founder and chief software architect at ReversingLabs in the report. 






Read more »
Telegram
CDN data wipers Discord malware Ransomware Attacks. Telegram

Data Spyware Delivered via Telegram & Discord Bots

Hackers have utilized these messaging apps in a variety of ways to transmit their own malware, according to Intel 471's research. They have discovered ways to host, distribute, and execute various activities on these platforms, which they mostly exploit in cooperation with data theft in order to be able to steal credentials or other information from unwary users.

According to a recent study from Intel 471, threat actors are using the multifaceted nature of messaging apps — in particular, their content-creation and program-sharing components — as a basis for information stealing.

Tactics & Techniques

Researchers at Intel 471 have found a number of data thefts that are openly accessible and depend on Telegram or Discord to operate.

Additionally, these hackers conduct similar attacks against the Roblox and Minecraft gaming sites. Discord's content delivery network (CDN) is regularly used to store malware, as per researchers, because the platform doesn't place limitations on file storage.

One Telegram-focused botnet, dubbed X-Files, includes features that may be accessible through Telegram's bot commands. Once the malware has been installed on a victim's computer, criminal actors can take credit card information, login credentials, session cookies, and passwords, and send them to a Telegram channel of their choice. 

Several browsers, including Google Chrome, Chromium, Opera, Slimjet, and Vivaldi, may import data into X-Files. Although Prynt Stealer, another stealer, operates similarly, it lacks the built-in Telegram commands.

The following malware families have been seen hosting harmful payloads on Discord CDN: PrivateLoader,  Discoloader, Colibri, Warszone RAT, Modi loader, Raccoon thief, Smokeloader Amadey,  Tesla agent thief, GuLoader, Autohotkey, and njRAT.

Cautions

The entry threat for malicious actors is reduced by automation in well-known chat platforms. Data theft might be the initial step in initiating a targeted attack against an enterprise, even though they can not alone cause as much harm as malware like a data wiper or ransomware.

Although messaging services like Discord and Telegram are not often utilized for corporate activities, their popularity and the surge in remote work have increased the attack surface available to cybercriminals.




Read more »
User Security
Discord Info Stealer NPM Package Technology User Security

Discord Users Targeted by Malicious Npm Packages

 

Kaspersky researchers have unearthed yet another supply chain attack campaign employing multiple malicious npm packages, this time targeting Discord users to steal their payment card information. 

The malware employed in these attacks is a modified version of an open-source and Python-based Volt Stealer token logger and JavaScript malware dubbed Lofy Stealer. 

“The Python malware is a modified version of an open-source token logger called Volt Stealer. It is intended to steal Discord tokens from infected machines and the victim’s IP address and upload them via HTTP,” reads the analysis published by Igor Kuznetsov and Leonid Bezvershenko. 

The malware monitors the victims' actions, such as Discord logins, attempts to change the credentials, multi-factor authentication (MFA) toggles, or the addition of new payment methods to steal Discord accounts and payment information. 

Subsequently, the harvested data is uploaded to the remote endpoint whose address is hardcoded (e.g., life.polarlabs.repl[.]co, sock.polarlabs.repl[.]co, idk.polarlabs.repl[.]co). 

“The JavaScript malware we dubbed ‘Lofy Stealer’ was created to infect Discord client files in order to monitor the victim’s actions, researchers added. It detects when a user logs in, changes email or password, enables/disables multi-factor authentication (MFA), and adds new payment methods, including complete bank card details. Collected information is also uploaded to the remote endpoint whose address is hard-coded,” the analysis further read.

Kaspersky states that they are constantly monitoring the updates to repositories to rapidly scan and remove all new malicious packages. 

According to researchers, this is a repetitive process among malicious npm packages, and it's just one of the seemingly endless streams of malware specifically designed to target Discord users in recent years with info stealers. 

For example, in 2019, malware dubbed Spidey Bot was employed to alter the Windows Discord user to backdoor it and deploy an information-stealing trojan. Last year, malicious npm and PyPI libraries were also employed to target Discord users, steal their user tokens and browser information, and deploy MBRLocker data wiping malware called Monster Ransomware. 

Earlier this year, JFrog researchers uncovered multiple malicious packages in the NPM registry particularly targeting several popular media, logistics, and industrial companies based in Germany to carry out supply chain assaults.
Read more »
Security
Cybersecurity Discord Discord Hack Hackers malware Ransomware Researchers Security

Alert! Teen Hackers are Using Discord to Disseminate Malware

 

Avast security researchers found a Discord channel where a group of teenagers is developing, updating, promoting, and selling malware and ransomware outbreaks, allegedly to make pocket money. 

The researchers assume they are all minors since they referenced their parents and instructors frequently and casually used age-specific slurs. Researchers discovered their actions via their Discord chat. The hackers sell malware variants of Snatch, Lunar, and Rift and provide a variety of services ranging from data theft to ransomware and crypto mining. 

However, researchers discovered that teen hackers mostly give easy-to-use malware builders and toolkits, allowing users to utilise them without real programming by using the "Do it yourself" (DIY) technique. 

How does the Group function? 

To become a group member or utilise the malware-as-a-service capability, interested parties must pay a charge. The registration price ranges from €5 to €25. Avast researchers observed in their analysis that about 100 accounts have already enrolled to get access to a hacking group. The malware dissemination method is a little unusual. 

The hackers posted a YouTube video displaying a bogus crack for a popular computer game or commercial software, along with a download link in the description. To establish credibility, additional users of the Discord group leave comments on the video, thanking the originator and confirming that the connection works. This method is even more twisted than bots for commenting since it becomes hard to recognise. 

How Should One Handle Teen Hackers? 

This scenario is undoubtedly troubling. As a result, hacking ability among teenagers and minors must be channelled towards beneficial, ethical endeavours for the general benefit of the cybersecurity sector. 

Parents must communicate to their children to understand the motivational elements that drive them to distribute malware. There are several tools accessible on Discord and other platforms to assist anyone interested in pursuing a career in the cybersecurity field. 

The first step, though, is for parents to interact with their children without passing judgement. It is worth emphasising that the organisation distributes unlawful malware without comprehending the gravity of the situation and dismissing it as a prank.
Read more »
NFT
Blockchain Security CoinDesk Crypto Cyber Attacks Discord Ethereum Meta NFT

NFTs Worth 200 Ether Were Stolen From the Bored Ape Yacht Club 

 

Yuga Lab's Bored Ape Yacht Club or Otherside Metaverse Discord services were hacked to publish a phishing scheme, hackers allegedly took approximately $257,000 in Ethereum and 32 NFTs. A Yuga Labs community manager's Discord account was allegedly hacked on June 4 and used to spread a phishing scam on the firm's Discord servers. 

According to Coindesk, the attacker hacked Boris Vagner's Discord account, put many phishing links on the account, its related metaverse account 'Otherside,' and the NFT fantasy football team Spoiled Banana Society's (SPS) Discord account. As of 8.50 a.m., the worldwide crypto market capitalization had increased by 3.43 percent to $1.27 trillion. According to Coinmarketcap data, worldwide crypto volume increased by 18.04 percent to $51.24 billion. 

The phishing communications, which claimed to be from Vagner, advertised an exclusive prize and stated that only BAYC, Mutant Ape Yacht Club, and Otherside NFTS holders were eligible. The owners were then directed to a phishing site, where they were requested to input the login information. The attackers then took all Ethereum and NFTS contained in the account's associated wallet after receiving the login credentials. Yuga Labs finally regained login to the Discord server, but not before significant harm had been done. 

The seized NFTS were worth roughly 200 ETH ($361,000) according to BAYC's official Twitter account. The perpetrators made off with 145 Ethereum and 32 NFTS, valued at a total of $250,000.

Approximately 32 NFTs were taken, according to blockchain cybersecurity firm PeckShield, including the Bored Ape Yacht Club, Otherdeed, Bored App Kennel Club, and Mutant Ape Yacht Club projects. 

As per the reports, it is unknown how the forum manager's account was hacked or whether two-factor authentication was turned on, which generally protects against such assaults.
Read more »
User Privacy
Botnet Crypto Wallet Cyber Attacks Cyble DDOS Attacks Discord Info Stealer Telegram Tokens User Privacy

Telegram is Selling the Eternity Malware Kit, Which Offers Malicious Services 

 

Cybercriminals have recently used Telegram to offer malware and other dangerous tools as services. Researchers have discovered a deadly new malware subscription plan which can be used to facilitate a wide range of attacks. 

The "Eternity Project," a modular malware kit, has capabilities that allow buyers to steal passwords and credit card information, launch ransomware attacks and infiltrate victims with cryptomining software. Each component of the malware toolkit, such as an information stealer, a coin miner, a clipper, ransomware software, a worm spreader, and, finally, a DDoS (distributed denial of service) bot, can be purchased separately. 

The creators share the latest update, usage instructions, and debate feature proposals on a private Telegram channel with over 500 members. Buyers can apparently use the Telegram Bot to assemble the binary automatically after choosing its desired feature set and paying the equivalent amount in cryptocurrency. The malware module is the most premium at $490 per year. The info-stealer, which costs $260 per year, steals passwords, credit cards, bookmarks, tokens, cookies, and autofill data from over twenty different web browsers. 

The malware's versatility is also highlighted through a deep-dive investigation of the infostealer module. Researchers claim that this single tool may gather data from a wide range of apps, including web browsers and cryptocurrency wallets, as well as VPN clients, messaging apps, and more. 

The miner module is $90 a year and includes features such as task manager invisibility, auto-restart once killed, and startup launch persistence. The clipper is a $110 application that scans the clipboard for cryptocurrency wallet credentials and replaces them with wallets controlled by the user. The Eternity Worm is available for $390 from the developer, and it can propagate itself using USB drivers, lan shares, local files, cloud drives, Python projects, Discord accounts, and Telegram accounts.

The authors say it's FUD (completely undetectable), a claim supported by Virus Total data showing zero detections for the strain. Surprisingly, the ransomware module provides an option of setting a timer that, when reached, renders the files entirely unrecoverable. This adds to the victim's pressure to pay the ransom as soon as possible. 

Despite the wide range of hazards posed by Eternity Project malware, Cyble says there are a few precautions consumers can take. Maintaining regular data backups, keeping software up to date, and avoiding visiting untrustworthy websites and email attachments are recommended best practices.
Read more »
Open Sea
Crypto Cyber Attacks Digital Assets Discord Hackers NFT Open Sea

OpenSea Warns of Discord Channel Hack

 

The nonfungible token (NFT) marketplace OpenSea had a server breach on its primary Discord channel, with hackers posting phoney "Youtube partnership" announcements. A screenshot shared on Friday reveals a phishing site linked to fraudulent collaboration news. 

The marketplace's Discord server was hacked Friday morning, according to OpenSea Support's official Twitter account, which urged users not to click links in the channel. OpenSea has "partnered with YouTube to bring their community into the NFT Space," according to the hacker's original post on the announcements channel. 

It also stated that they will collaborate with OpenSea to create a mint pass that would allow holders to mint their project for free. The attacker appeared to have been able to stay on the server for a long time before OpenSea staff was able to recover control. The hacker uploaded follow-ups to the initial totally bogus statement, reiterating the phoney link and saying that 70% of the supply had already been coined, in an attempt to generate "fear of missing out" in the victims. 

The scammer also tried to persuade OpenSea users by claiming that anyone who claimed the NFTs would receive "insane utilities" from YouTube. They state that this offer is one-of-a-kind and that there would be no other rounds to engage in, which is typical of scammers. As of this writing, on-chain data indicates that 13 wallets have been infiltrated, with the most valued stolen NFT being a Founders' Pass worth about 3.33 ETH ($8,982.58). 

According to initial reports, the hacker used webhooks to get access to server controls. A webhook is a server plugin that lets other software get real-time data. Hackers are increasingly using webhooks as an attack vector since they allow them to send messages from official server accounts. The OpenSea Discord server isn't the only one that uses webhooks. 

In early April, a similar flaw enabled the hacker to utilise official server identities to post phishing links on several popular NFT collections' channels, including Bored Ape Yacht Club, Doodles, and KaijuKings.
Read more »
Subscribe to: Posts (Atom)