Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Discord. Show all posts
Vulnerabilities and Exploits
Cloudfare Discord Signal User Privacy Vulnerabilities and Exploits

Cloudflare CDN Vulnerability Exposes User Locations on Signal, Discord

 

A threat analyst identified a vulnerability in Cloudflare's content delivery network (CDN) which could expose someone's whereabouts just by sending them an image via platforms such as Signal and Discord. While the attack's geolocation capability is limited for street-level tracking, it can provide enough information to determine a person's regional region and track their activities. 

Daniel's discovery is especially alarming for individuals who are really concerned regarding their privacy, such as journalists, activists, dissidents, and even cybercriminals. This flaw, however, can help investigators by giving them further details about the state or nation where a suspect might be. 

Covert zero-click monitoring

Daniel, a security researcher, found three months ago that Cloudflare speeds up load times by caching media resources at the data centre closest to the user. 

"3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius," explained Daniel. "With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.” 

To carry out the information-disclosure assault, the researcher would transmit a message to an individual including a unique image, such as a screenshot or a profile avatar, stored on Cloudflare's CDN. 

Subsequently, he exploited a flaw in Cloudflare Workers to force queries through specific data centres via a new tool called Cloudflare Teleport. This arbitrary routing is typically prohibited by Cloudflare's default security limitations, which require that each request be routed from the nearest data centre. 

By enumerating cached replies from multiple Cloudflare data centres for the sent image, the researcher was able to map users' geographical locations based on the CDN returning the closest airport code to their data centre.

Furthermore, since many apps, like Signal and Discord, automatically download images for push notifications, an attacker can monitor a target without requiring user engagement, resulting in a zero-click attack. Tracking accuracy extends from 50 to 300 miles, depending on the location and the number of Cloudflare data centers nearby.
Read more »
online games
Cookies Cyber Fraud Discord Email malware online games

Watch Out: Fake Game Invites on Discord Are Stealing Your Personal Data

 



There is a new online scam, where cyber criminals trick people into downloading harmful software under the pretext of beta testing a game. This campaign targets people on platforms such as Discord, email, and even text messages, aiming at stealing personal information and compromising accounts online. 


How does this work?

The scam starts by sending a harmless message. In this case, a user on Discord or elsewhere receives a direct message from a purported game developer claiming to have sent them a new game to play. The user is asked whether they would want to try the supposed game. In most cases, these messages come from compromised accounts, so the request seems all the more real.

If the victim consents, the attacker shares a download link and password to the target so that they can actually access and start downloading the game file. These links are usually Dropbox or even Discord's network because most malware authors upload their creations to an existing, popular platform. But what users download aren't games-these are referred to as information stealers.


What Do These Malware Applications Do?

Once installed, these programs, such as Nova Stealer, Ageo Stealer, or Hexon Stealer, begin extracting sensitive data. This may include: 

1. Saved browser passwords

2. Session cookies for services like Discord or Steam

3. Wallet information for cryptocurrencies

4. Credit card information

6. Two-factor authentication (2FA) backup codes

The Nova Stealer and Ageo Stealer are the new wave called Malware-as-a-Service (MaaS). This enables cybercriminals to rent these tools to conduct attacks. Nova Stealer even leverages a feature called a Discord webhook, allowing it to send information directly to hackers so they could know right away how much data had been stolen and not have to manually check.

Another tool that is used in these scams is the Hexon Stealer. It is a highly dangerous tool since it can gather a wide variety of personal information. Using such information, it hacks into Discord accounts and enables the attackers to send similar fake messages to the contacts of the victim, thereby further spreading the malware. 


Why Do Hackers Target Discord?

The main focus of these attacks is the Discord credentials. When hackers get access to a person's account, they can pretend to be that person, deceive their friends, and expand their network of victims. This cycle of exploitation of trust makes the scam so effective. 


How to Identify Fake Game Websites

Fake download pages are usually built using common web templates. Such sites appear legitimate but host malware. Among them are the following:  

  • dualcorps[.]fr
  • leyamor[.]com 
  • crystalsiege[.]com 
  • mazenugame[.]blogspot.com

These sites are hosted on platforms that are resistant to takedown requests, making it difficult for researchers to shut them down. If one site is removed, attackers can quickly set up a new one. 


How Can You Protect Yourself? 

To keep yourself safe, follow these simple guidelines:

1. Be cautious with unsolicited messages: If someone you don’t know—or even a known contact—sends a download link, verify its authenticity through another platform.  

2. Avoid downloading unknown files: Don’t download or install anything unless you’re certain it’s legitimate.  

3. Use updated security software: An active anti-malware program can block known threats.

4. Be watchful of phony websites: Be on the lookout for amateurism or copy-and-paste designs when viewing suspicious sites.


In the end, this scamming attack is meant to reap a financial reward; it may come in the form of stolen cryptocurrency, credit card information, or other sensitive details. Knowing how this attack works can help you safeguard your data from cybercrime attacks.

Stay informed and be careful—your online safety depends on it.

Read more »
Phishing Attacks
Discord Discord Scam Gaming malware Phishing Attacks

Navigating the Danger Zone: Discord’s Battle Against Malware

Navigating the Danger Zone: Discord’s Battle Against Malware

In a recent six-month investigation, cybersecurity firm Bitdefender discovered a disturbing trend: fraudsters are using Discord, a popular communication platform, to distribute malware and carry out phishing attacks.

The Rise of Malicious Links

The research, in which Bitdefender shows over 50,000 harmful links discovered on Discord, demonstrates the platform's rising vulnerability to cyber threats.

Types of Malicious Links

Malware Distribution: Cybercriminals use Discord to distribute malicious software (malware) to unsuspecting victims. These malware strains can range from spyware and ransomware to keyloggers and remote access Trojans. By enticing users to click on seemingly harmless links, attackers gain unauthorized access to their systems.

Phishing Attacks: Discord is also a playground for phishing campaigns. Scammers create fake login pages or impersonate legitimate services, tricking users into revealing sensitive information such as login credentials, credit card details, or personal data. Phishing links often masquerade as enticing offers or urgent notifications.

Geographical Impact

The study found that users in the United States are particularly targeted, accounting for 16.2% of the threats. However, other countries—such as France, Romania, the United Kingdom, and Germany—are also affected. Cybercriminals cast a wide net, exploiting language barriers and cultural differences to maximize their reach.

Common Scams

One prevalent scam involves promises of free Discord Nitro—a premium subscription service. Users receive messages claiming they’ve won a free upgrade to Discord Nitro, enticing them to click on a link. Unfortunately, these links lead to phishing sites or initiate malware downloads. Users must exercise caution and verify the legitimacy of such offers.

Protecting Yourself

As a Discord user, here are essential steps to safeguard against these threats:
  • Be Skeptical: Treat unsolicited messages with suspicion, especially if they promise freebies or urgent alerts. Verify the sender’s identity before clicking any links.
  • Hover Before You Click: Hover your mouse pointer over a link to preview the URL. If it looks suspicious or doesn’t match the expected destination, avoid clicking.
  • Enable Two-Factor Authentication (2FA): Strengthen your account security by enabling 2FA. This adds an extra layer of protection against unauthorized access.
  • Stay Informed: Keep an eye on security news and updates related to Discord. Awareness is your best defense.
Read more »
Social Media
2FA data security Discord Privacy Social Media

Discord Users' Privacy at Risk as Billions of Messages Sold Online

 

In a concerning breach of privacy, an internet-scraping company, Spy.pet, has been exposed for selling private data from millions of Discord users on a clear web website. The company has been gathering data from Discord since November 2023, with reports indicating the sale of four billion public Discord messages from over 14,000 servers, housing a staggering 627,914,396 users.

How Does This Breach Work?

The term "scraped messages" refers to the method of extracting information from a platform, such as Discord, through automated tools that exploit vulnerabilities in bots or unofficial applications. This breach potentially exposes private chats, server discussions, and direct messages, highlighting a major security flaw in Discord's interaction with third-party services.

Potential Risks Involved

Security experts warn that the leaked data could contain personal information, private media files, financial details, and even sensitive company information. Usernames, real names, and connected accounts may be compromised, posing a risk of identity theft or financial fraud. Moreover, if Discord is used for business communication, the exposure of company secrets could have serious implications.

Operations of Spy.pet

Spy.pet operates as a chat-harvesting platform, collecting user data such as aliases, pronouns, connected accounts, and public messages. To access profiles and archives of conversations, users must purchase credits, priced at $0.01 each with a minimum of 500 credits. Notably, the platform only accepts cryptocurrency payments, excluding Coinbase due to a ban. Despite facing a DDoS attack in February 2024, Spy.pet claims minimal damage.

How To Protect Yourself?

Discord is actively investigating Spy.pet and is committed to safeguarding users' privacy. In the meantime, users are advised to review their Discord privacy settings, change passwords, enable two-factor authentication, and refrain from sharing sensitive information in chats. Any suspected account compromises should be reported to Discord immediately.

What Are The Implications?

Many Discord users may not realise the permanence of their messages, assuming them to be ephemeral in the fast-paced environment of public servers. However, Spy.pet's data compilation service raises concerns about the privacy and security of users' conversations. While private messages are currently presumed secure, the sale of billions of public messages underscores the importance of heightened awareness while engaging in online communication.

The discovery of Spy.pet's actions is a clear signal of how vulnerable online platforms can be and underscores the critical need for strong privacy safeguards. It's crucial for Discord users to stay alert and take active measures to safeguard their personal data in response to this breach. As inquiries progress, the wider impact of this privacy violation on internet security and data protection is a substantial concern that cannot be overlooked.


Read more »
User Security
Discord Downfall devs Epsilon Stealer malware User Security

Hackers Breach Steam Discord Accounts, Launch Malware


On Christmas Day, the popular indie strategy game Slay the Spire's fan expansion, Downfall, was compromised, allowing Epsilon information stealer malware to be distributed over the Steam update system.

Developer Michael Mayhem revealed that the corrupted package is not a mod installed through Steam Workshop, but rather the packed standalone modified version of the original game.

Hackers breached Discord

The hackers took over the Discord and Steam accounts of one of the Downfall devs, giving them access to the mod's Steam account.

Once installed on a compromised system, the malware will gather information from Steam and Discord as well as cookies, saved passwords, and credit card numbers from web browsers (Yandex, Microsoft Edge, Mozilla Firefox, Brave, and Vivaldi).

Additionally, it will search for documents with the phrase "password" in the filenames and for additional credentials, such as Telegram and the local Windows login.

It is recommended that users of Downfall change all significant passwords, particularly those associated with accounts that are not secured by Two-factor authentication ( (2-factor authentification).

The virus would install itself, according to users who received the malicious update, as UnityLibManager in the /AppData/Roaming folder or as a Windows Boot Manager application in the AppData folder.

About Epsilon Stealer

Epsilon Stealer is a trojan that steals information and sells it to other threat actors using Telegram and Discord. It is frequently used to deceive players on Discord into downloading malware under the pretence of paying to test a new game for problems. 

But once the game is installed, malicious software is also launched, allowing it to operate in the background and harvest credit card numbers, passwords, and authentication cookies from users.

Threat actors could sell the stolen data on dark web markets or utilize it to hack other accounts.

Steam strengthens security

Game developers who deploy updates on Steam's usual release branch now need to submit to SMS-based security checks, according to a statement made by Valve in October.

The decision was made in reaction to the growing number of compromised Steamworks accounts that, beginning in late August, were being used to submit dangerous game builds that would infect players with malware.


Read more »
Technology
APT Cyber Fraud Cyberattacks CyberCrime Cybersecurity Discord Malware Threat Technology

Discord's Security Challenge: APTs Enter the Malware Mix

 


APT groups continue to use Discord to spread malware and exfiltrate data, it is being commonly used by hackers to distribute malware and as a platform to steal authentication tokens. Consequently, Discord is serving as a breeding ground for malicious activity. 

Considering a recent report by Trellix, it has been revealed that Discord is now being used by APT (advanced persistent threat) hackers, too, who target critical infrastructure through the platform to steal information. 

Even though cybercrime has grown in magnitude and relevance in recent years, Discord has not been able to implement effective measures. This has prevented Discord from being able to deter cybercrime, deal with the issue decisively or at least limit its potential impact. Online gaming and digital communication have become part of a household name due to Discord. This is a platform that is becoming increasingly popular among gamers, friends, and families for chatting, sharing, and collaborating. 

A lot of people, including millions of people worldwide, use the Discord program as a way to communicate with one another. 

Discord Viruses: What Are They?


The Discord virus is a phrase used to describe a group of malware programs which can be found in the Discord app or distributed through the Discord platform. Discord users are frequently fooled by cybercriminals by the use of various tricks so that their devices can be infected by a virus which will cause devastating effects on the users' devices. 

In Discord, users will most likely find a Remote Access Trojan (RAT), which is one of the most common types of malware. It is most commonly found that hackers spread them by sending links that contain malicious codes, and when they gain administrative rights over a user's device, they can track their activity, steal data and manipulate settings without knowledge. 

In Discord, users can also find RATs, spyware, adware, and other forms of malware that can potentially be installed along with the RAT. These can also be used as part of DDoS attacks as a means to spread viruses further into a user's system. 

Trellix researchers have recently discovered a new sample of malware targeted specifically at crucial Ukrainian infrastructure, which has put the cybersecurity landscape at a pivotal point. The APT activity in Discord has changed significantly in the last few months, as the latest platform to be targeted is the Advanced Persistent Threat (APT). 

There are three ways in which threat actors exploit Discord: they use its content delivery network (CDN) to distribute malware, they modify the Discord client to obtain passwords, and they exploit its webhook mechanism to gain access to the victim's data. This is made possible because Discord's CDN was commonly used to deliver malicious payloads on a victim's PC. 

As these files are sent from the trusted domain 'cdn.discordapp.com', malware operators can avoid detection by anti-virus software. The data from Trellix shows that more than 10,000 malware samples rely on Discord's CDN to load their second-stage payloads on their systems, mostly malware loaders as well as generic loader scripts.

In addition to RedLine stealer, Vidar, AgentTesla, and zgRAT, Discord's CDN also fetched several other payloads through it. There is one method, which is popular among users, to upload files that can later be downloaded, namely Discord’s Content Delivery Network (CDN). There seems to be no complicated method to this attack. 

The perpetrator fabricates a Discord account so that they can transfer a malicious file, which will then be shared discreetly through a private message. This method appears to be quite straightforward. The goal is to make the "second stage" available for download by simply copying and pasting the file's URL into a GET request which then allows it to be downloaded using the link that was handed to the user upon uploading the file.  

Identifying malware on Discord


Antiviruses should be able to detect malicious software including Discord viruses but keep an eye out for any significant changes to how the system works. For instance, pop-ups could indicate that the device has been infected with adware. Often, system performance changes can serve as a signal that something’s up. 

Whether a user's computer starts crashing more frequently, simply slows down, or the browser starts misbehaving, they should check your system for viruses. Outgoing traffic is a little harder to notice but an unexpected increase in data usage or network activity could indicate a malware infection. 

Some types of malware, such as botnets, use your device’s resources to carry out tasks like sending spam or carrying out denial-of-service (DoS) attacks. The usage of Discord by APT groups is a recent development, signalling a new and complex dimension of the threat landscape. 

While APTs may employ Discord for exploration or early-stage activities, they may still rely on more secure methods at later stages. However, general malware poses a different challenge. From trojans to ransomware, they have been using Discord’s capabilities for years, extending the range of business threats. 

To ensure the proper detection of these malicious activities and safeguard systems, monitoring and controlling Discord communications has become essential, even to the extent of blocking them if necessary.
Read more »
User ID
API Cyberattacks CyberCrime Cybersecurity Data Breach Discord Discord Users Technology User ID

Rising Concerns as Discord.io Data Breach Compromises 760,000 Users

 

Although digital companies have multiple data protections in place to safeguard their customers' information, hackers continue to find ways to circumvent them and gain access to sensitive data even though they have multiple data protections in place to safeguard customer data. 

Data breaches have become more common in recent years, despite an increased focus being placed on cybersecurity in recent years. There has been another data breach at Discord.io this time, unfortunately, as the company is now one of the victims of such attacks. Learn about the types of data that hackers have access to as well as what steps are being taken by the company to protect this data. 

There has been a massive data breach at a popular service used to create custom links for Discord channels which allows people to create custom links for their channels. The service has now announced that it will be shutting down operations for the time being. 

A major breach of Discord.io's database occurred on the night of August 14, and large swaths of user data were stolen as a result. Discord announced the breach on Tuesday. As TechRadar reported in its article about the breach, more than 760,000 members of the company had their information compromised by the breach, though the company did not reveal this number in its update.

Discord.io is a third-party service that allows users to create custom invitations to their Discord channels, which can then be shared by the channel owner with their friends and viewers. It is estimated that over 14,000 users have registered on the service's Discord server, which is where most of the community exists. 

As of yesterday, a person named 'Akhirah' has started offering the Discord.io database for sale on the newly launched Breached hacking forums. A threat actor shared four records from the database as proof that he had stolen data. The new Breached forums are being hailed as the rise of a popular cybercrime forum that used to be a place where people would sell and leak data stolen from compromised databases. 

A member's username, email address, billing address (which only a small number of people) and a salted and hashed password (which only a small number of people) were among the most sensitive data that were compromised in the breach. 

Discord.io has officially confirmed that they were breached via a notice posted to their Discord server and website, and has initiated the process of temporarily shutting down its services as a result. As first reported by StackDiary, Discord.io has confirmed the authenticity of the breach. According to a timeline listed on the website for Discord.io, it was only after seeing the post on the hacking forum that they encountered the information about the data breach. 

Immediately after the leaked data was confirmed to be authentic, they shut down their services and cancelled all memberships that had been paid for. A spokesperson for Discord.io says that the person responsible for the breach has not contacted them and has not provided them with any information regarding how the breach occurred. A spokesperson for Akhirah, the seller of the Discord.io database, told BleepingComputer that he had not been in touch with the Discord.io operators before speaking with them.

It is clear from the revealed information about the users that the attacker was able to gather all types of sensitive information from Discord.io. There was data leaked by the company that included sensitive user information, including usernames, Discord IDs, email addresses, billing addresses, salted and hashed passwords, and much other sensitive information. Because Discord.io does not store any information about its users, it cannot confirm whether or not any credit card information was compromised in the attack. 

As part of the data breach, the platform acknowledges that certain information about users, including internal user IDs, avatar details, the status of users, coin balances, API keys, registration dates, last payment dates, and membership expiration dates may have been exposed.  

Currently, Discord.io has announced that it is suspending operations indefinitely due to this attack. There will be a temporary period when Discord.io will not be available during the next few months after the website is launched since it will cease to operate while it is being built. There will be a complete rewrite of the website code, in which it will be implementing a completely new security system, and the code will be completely rewritten, according to the platform. 


Read more »
Security
Cyber Security Data Data Safety Discord Pentagon Safety Security

Pentagon Concludes Review Following Discord Leak, Tightens Controls on Classified Info

 

The Pentagon has completed a comprehensive assessment lasting 45 days to evaluate the military's protocols regarding classified information, following a case where a National Guardsman leaked unnecessary classified information on Discord despite having a top-secret clearance.

The individual involved, Jack Teixeira, held his clearance due to his position as an information technology technician at Otis Air National Guard Base in Massachusetts. However, the fact that he leaked information he did not require prompted Defense Secretary Lloyd Austin to initiate the review. While the review was ordered on April 14, the U.S. Defense Department released its findings and recommendations on Wednesday.

According to investigators from the Defense Department, the vast majority of personnel granted access to classified national security information demonstrate compliance with security policies and understand the criticality of maintaining information security for national security purposes.

"At the same time, the review identified areas where the department should improve its security posture and accountability measures," the Defense Department said in a fact sheet.

The Pentagon said it will "reinforce existing security policies and practices" down to the bottom ranks and update them to reduce "ambiguity" while examining opportunities to tailor training and education to "better address current and evolving security needs," among implementing other recommendations.

"The department is mindful of the need to balance information security with requirement to get the right information to the right people at the right time to enhance our national security," the fact sheet reads.

"As DoD implements the recommendations and associated actions from this review, careful consideration will be given to guard against any 'overcorrection.'"

The Defense Department announced that Secretary Austin has concluded his examination of the findings and subsequently issued instructions to senior military leaders outlining necessary actions to enhance accountability measures in the short and medium term.

In a memorandum, Austin instructed Defense Department leaders to ensure that all personnel are accurately included and accounted for within designated security information technology systems by August 31.

Military leaders who are not part of the intelligence community have been instructed to validate the necessity of their personnel accessing sensitive compartmented information. Furthermore, they must ensure that all individuals with access to such information have a duly completed non-disclosure agreement on file by the end of September.

Austin has directed the Pentagon to establish a centralized tracking system by year-end for sensitive compartmented information facilities and special access program facilities. Additionally, employees working in these facilities must certify their adherence to policies that prohibit the use of personal electronic devices.
Read more »
Subscribe to: Posts (Atom)