Tag Archive for: Discord

Panda Stealer malware targets digital currencies via Discord links, spam emails


There’s a new malware that’s targeting digital currency wallets, spreading through spam emails and Discord channels. The malware, dubbed Panda Stealer, has mostly targeted victims in the U.S., Germany, Japan and Australia.

Security company Trend Micro was the first to detect the malware. In a recent blog post, the Tokyo-based firm revealed that Panda Stealer is delivered through spam emails posing as business quotes to lure unsuspecting victims into opening malicious Excel files.

The malware has two infection chains, the security company revealed. In the first, the criminals attach a .XLSM document that contains malicious macros. Once the victim enables the macros, the malware downloads and executes the main stealer.

In the second infection chain, the spam emails come with a .XLS attachment containing an Excel formula that hides a PowerShell command. This command attempts to access paste.ee, a Pastebin alternative, which in turn accesses a second encrypted PowerShell command. According to Trend Micro, this command is used to access URLs from paste.ee for easy implementation of fileless payloads.

“Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim’s various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum,” the company noted.

The malware doesn’t limit itself to digital currency wallets, however. It steals credentials to other applications such as Telegram, NordVPN, Discord and Steam. It’s also capable of taking screenshots of the infected computer and capturing and transmitting browser data such as cookies and passwords.

Trend Micro found another 264 files similar to Panda Stealer on VirusTotal. Over 140 command and control (C&C) servers and over 10 download sites were used by these samples.

It concluded, “Some of the download sites were from Discord, containing files with names such as ‘build.exe,’ which indicates that threat actors may be using Discord to share the Panda Stealer build.”

Security researchers have linked the Panda Stealer malware campaign to an IP address assigned to virtual private servers rented from Shock Hosting. However, the hosting…


New Ransomware Demands Discord Gift Codes Instead of Crypto



Ransomware is an unfortunate reality of the modern digital age, and you may think you’ve seen it all after major malware attacks like NotPetya and Maze. However, NitroRansomware has a new trick up its sleeve. Rather than asking victims to pay the ransom with cryptocurrency, it asks for a Discord gift card. 

You might be thinking that Discord is a free chat platform, and you’re right. Casual Discord users might not even know that there is a paid version of the service. For $9.99 per month, you can get Discord Nitro, which includes perks such as HD video streaming, more emoji, and larger file uploads. When buying Nitro, you can choose to apply it to your account or get a gift link. That’s what the latest ransomware is after. 

The malware reportedly makes its way onto systems by pretending to be a tool that allows the user to generate free Nitro gift codes, according to BleepingComputer. So, anyone who installs it will get very much the opposite of what they wanted. As with all other forms of ransomware, NitroRansomware sets up shop and encrypts the documents folder, appending a .givemenitro extension to the scrambled files. It also changes the user’s wallpaper to an angry Discord logo before popping up the demand for payment.

Victims of the ransomware are given three hours in which to buy a Nitro code and enter it in the box. When a valid code is added, the malware decrypts the files with an embedded key. That key is stored inside the EXE, making it possible to salvage your files without paying the price — it’s not the most sophisticated malware in the world. However, it does try to steal your data because why not?

The malware decrypts files after getting a valid Discord gift link, but the keys are static and hidden in the EXE.

Upon installation, NitroRansomware searches for the user’s Discord installation directory and copies the login tokens….


Cyber Security Today – Calling for an end to cyberattacks on healthcare, an Android security update, and an alert to Discord users – IT World Canada
