
From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Check Point Research uncovered a malware campaign exploiting expired Discord invite links to redirect users to malicious servers. The attackers use a combination of techniques including ClickFix phishing, multi-stage loaders, and time-based evasions to deliver AsyncRAT and a customized Skuld Stealer targeting crypto wallets. The campaign leverages trusted cloud services for payload delivery and data exfiltration to avoid detection. The operation continues to evolve, with threat actors now able to bypass Chrome's App Bound Encryption using adapted tools like ChromeKatz to steal cookies from new Chromium browser versions. The campaign highlights how subtle features in Discord's invite system can be exploited as attack vectors.

OPENCTI LABELS:

phishing, evasion, asyncrat, discord, crypto wallets, chromekatz, skuld stealer


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery