Discord Invite Hijacking: How Fake Links Are Delivering Infostealers

SUMMARY :

Cybercriminals are exploiting Discord's invite system and content delivery features to distribute malware and steal sensitive data. They use fake invite links, expired codes, and vanity URLs to redirect users to malicious servers. The attack chain involves a sophisticated combination of social engineering, multi-stage loaders, and time-based evasion tactics. Victims are tricked into authorizing a fake bot, which leads to the deployment of AsyncRAT and a customized Skuld Stealer. These malware variants target browser credentials, Discord tokens, and cryptocurrency wallets. The campaign uses trusted platforms like GitHub and Bitbucket to host encrypted payloads, and employs advanced techniques to bypass security measures and maintain persistence.

OPENCTI LABELS :

phishing,social engineering,cryptocurrency,asyncrat,discord,multi-stage attack,wallet injection,chromekatz,skuld stealer,invite hijacking


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Discord Invite Hijacking: How Fake Links Are Delivering Infostealers