Tag Archive for: Discord

Telegram and Discord Bots Delivering Infostealing Malware


A new report from security vendor Intel471 reveals how cybercriminals are using bots already deployed in messaging apps Discord and Telegram to deliver malware and steal user credentials.

In addition, these actors are targeting the Roblox and Minecraft gaming platforms in similar attacks. Researchers pointed out that Discord’s content delivery network (CDN) is actively used for hosting malware because the platform doesn’t impose restrictions on file hosting.

The report revealed that these file hosting links are accessible to anyone without requiring authentication. This gives cybercriminals a credible “web domain to host malicious payloads.”

Bots are used on Discord and Telegram so that users can play games, share data, and moderate channels to eliminate unwanted content. However, Intel471’s researchers found that these bots can also be used to deliver malware.

Some malware strains researchers found deployed in Discord’s CDN include Pay-Per-Install malware (PPI) Discoloader, PrivateLoader, Smokeloader, Agent Tesla, Autohotkey, Raccoon stealer, njRAT and many more.

Bots Stealing User Info from Systems

Researchers explained that threat actors use trojan malware to steal information from devices/systems attached to legitimate bots in the apps. The malware can steal a wide range of information, including the following:

  • Passwords
  • Bookmarks
  • Autofill data
  • Payment card data
  • Cryptocurrency wallets
  • Browser/session cookies
  • Microsoft Windows product keys
  • VPN (virtual private network) client logins

It is worth noting that using bots to spread malware on such platforms is nothing new. A report published last year explained how Telegram bots are stealing one-time passwords (OTPs).

When it comes to Discord, there is a plethora of reports from cybersecurity companies explaining how one of the most frequently used messenger services in the world is used to spread malware.

Messaging Apps Have Become Attackers’ C&C Mechanisms

According to Intel471’s report, cybercrooks use messaging apps like Telegram as their Command and…


Teen “Hackers” on Discord Selling Malware for Quick Cash


Cybersecurity researchers urge parents to keep track of their children’s online activities.

Avast security researchers have discovered a server on Discord where a group of minors is involved in developing, upgrading, marketing, and selling malware and ransomware strains on the platform, supposedly to earn pocket money.

The researchers believe all of them are minors since they repeatedly mentioned their parents and teachers and casually used age-specific insults. Researchers learned about their activities through their discussion on Discord.

Minors Promoting Easy-to-Use Malware

The hackers sell the Snatch, Lunar, and Rift malware strains and offer all kinds of services, from info-stealers to ransomware and cryptominers. However, researchers noted that the teen hackers mainly provide easy-to-use malware builders and toolkits, which let users take a “Do it yourself” (DIY) approach without any actual programming. All they need to do is customize the appearance and functions.

How does the Group operate?

Interested parties must pay a fee to become a group member or use the malware-as-a-service feature. The registration fee ranges between €5 and €25. In their report, Avast researchers noted that around 100 accounts have already subscribed to access a hacking group.

The malware distribution process is a little unconventional. The hackers create a YouTube video demonstrating a fake crack for a popular computer game or commercial software and include a download link in the description.

To create a sense of authenticity, other members of the Discord group post comments on the video, thanking the author and confirming that the link actually worked. This strategy is much more twisted than using bots to add comments, since it becomes impossible to identify fraud when a video receives comments from genuine users.

How to Deal with Teen Hackers?

It is a fact that this scenario is concerning. Therefore, hacking talent among teens and minors must be diverted towards positive, ethical purposes for the overall betterment of the cybersecurity industry.

Parents must talk to their…


Sophos research: Hackers targeting Discord platform


Cybercriminals are increasingly using the popular chat platform Discord to distribute and control malware targeting users of the service, new research by next-generation cybersecurity company Sophos has found.

According to researchers from the company, malware is increasingly targeting the Discord chat platform, and the misuse of Discord has grown substantially over the last year. The cyberthreats uncovered by the researchers include information-stealing malware, spyware, backdoors, and ransomware resurrected as “mischiefware”.

The findings are based on an analysis by Sophos researchers of more than 1,800 malicious files detected on Discord’s content delivery network (CDN). Among other things, the research reveals that the number of URLs hosting malware on the network during the second quarter of 2021 increased by 140% compared to the same period in 2020.

Sean Gallagher, senior threat researcher at Sophos, said: “Discord provides a persistent, highly-available, global distribution network for malware operators, as well as a messaging system that these operators can adapt into command-and-control channels for their malware – in much the same way attackers have used Internet Relay Chat and Telegram. Discord’s vast user base also provides an ideal environment for stealing personal information and credentials through social engineering.”

“We found one malware that can steal private images from the camera on an infected device, as well as ransomware from 2006 that the attackers have resurrected to use as ‘mischiefware’. The mischiefware denies victims access to their data, but there’s no ransom demand and no decryption key,” said Gallagher.

“Further, adversaries have caught on that companies increasingly use the Discord platform for internal or community chat in the same way they might use a channel like Slack. This provides attackers with a new and potentially lucrative target audience, especially when security teams can’t always inspect the Transport Layer Security-encrypted traffic to and from Discord to see what’s going on and raise the alarm if needed.”

The investigation into malicious content linked to Discord found the following:

1. The malware is often…


Security researcher: Criminals use Discord to distribute malware


According to security researchers, the content delivery network (CDN) of the voice and text chat platform Discord is increasingly being misused by criminals to spread malware. The security company Sophos writes that four percent of the malware downloads it examined in the second quarter of this year came from Discord. Users can upload and exchange files via Discord. According to Sophos, this has a number of advantages for cyber criminals.

Overall, Sophos found 14,000 malicious files on the Discord CDN and sees an upward trend. To place their malicious software there, all criminals need is a chat room that anyone can set up free of charge. As soon as a file is uploaded, it lands on cdn.discordapp.com. From this Google Cloud Storage, Trojans can then be reached all over the world via a fast CDN.

Discord uploads files to its CDN, but no longer deletes them.

(Image: screenshot)

The special thing about it: You do not need to log in to access the file. If you call up the URL of the uploaded file, the browser asks directly whether the file should be downloaded. If this URL is linked in an email, there is no warning or anything else that could distract from the download.

Even if the message with the file attachment is deleted on Discord, the file itself can still be accessed in the CDN, as heise online found out in a short test. And it gets even better: even when the so-called “server” (actually a created, administrative room) was deleted on Discord along with all its messages, channels and users, the file was still available to us in the CDN.

The problem is by no means new. According to Sophos, a lot of malicious software landed on Discord’s CDN last year. Discord has not changed the basic functionality, but relies on reports from users and on its own scans for malicious code. However, malware cannot be easily distinguished from non-malicious software without fully analyzing its behavior.

Among the files found by Sophos were some malware families that intercept stored login data or ensure that the attacker can remotely control the affected computer. We therefore recommend that you be…
