In March, Acer refused to pay the $50 million ransom to REvil. Some of these token stealer malware include the victim's avatar graphic and their public-facing IP address, which they retrieved using services like ifconfig.me, ipify.org, iplogger.com, or wtfismyip.com. iOS and iPadOS are now on version 14.6. "Everybody's using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them." Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware. One Discord network search turned up 20,000 virus results, researchers found. Discord operates its own content delivery network, or CDN, where users can upload files to share with others. We found many files whose names suggested they served some function for gamers, and some in fact were: game cheats, game enhancements that claimed to be able to unlock paid content, license key generators and bypasses. According to the 2021 SonicWall Cyber Threat Report the world has seen a 62% increase in ransomware since 2019. Beware of links from platforms that got big during quarantine. The fact this is going on in almost every server I'm in is astonishing. The stealer would then produce a nicely formatted submission to a specific Discord channel URL. Other collaboration platforms like Slack have similar features, Talos reported. With growing frequency, they're being used to serve up malware to victims in the form of a link that looks trustworthy. Discord's malware problem isn't just Windows-based. 
CDNs are also handy tools for cybercriminals to deliver additional bugs with multi-stage infection tactics. In many cases, Cisco found, those files are malicious; the researchers list nine recent remote-access spy tools that hackers have tried to install in this fashion, including Agent Tesla, LimeRAT, and Phoenix Keylogger. It's not unusual for Agent Tesla malware to download payloads as part of its infection process, but it was unexpected to find that the payload was also hosted in Discord's CDN. Criminals abuse a successful chat service to host, spread, and control malware targeting their users. The C2 communications occur via webhooks. This communication flow can also be used to alert attackers when there are new systems available to be hijacked, and delivers updated information about those they've already infiltrated, Talos said. On the business side, Mark Kedgley, CTO at New Net Technologies, recommends focusing on user privileges. "What we're seeing is a proliferation of social media-based attacks," said Ron Sanders, the staff director for Cyber Florida. The attacks used infected USB drives to deliver malware to the organizations. I advise no one to accept any friend requests from people you don't know; stay safe. Like Discord's server instances, the storage objects are front ended by Cloudflare. Hackers can disguise their data exfiltration attempts through network masks. 
Servers can be public or private; a server owner can require invite keys for individuals to join the server's channels and access content. Discord token loggers steal the OAuth tokens used to authenticate Discord users, frequently along with other credential data and system information, including tokens for Steam and other gaming platforms. The official 'Among Us Cafe' was hacked this morning and shit got out of control!! But the platform remains a dumping ground for malware. The 10 Biggest Cyber And Ransomware Attacks Of 2021, Michael Novinson, December 23, 2021, 03:35 PM EST: Technology, food production and critical infrastructure firms were hit with nearly $320. The tools allegedly make it possible, exploiting weaknesses in Discord's protocols, for one player to crash the game of another player. As a result, Cisco has recorded a major uptick in the use of those links to deliver malware via email in the past year. @everyone Bad news, tomorrow is a cyber attack event, on all social media platforms including discord there will be people trying to send you gore, extreme profanity, porn, racist slurs, and there will also be ip grabbers hackers and doxxers. Increasingly, attackers rely on apps, from Discord to Slack, in order to trick users into opening malicious electronic content. When a human opened the file, macros immediately delivered the payload. At just prior to publication time, more than 4,700 of those URLs, pointing to a malicious Windows .exe file, remained active. Cyber attacks on Ukraine: DDoS, new data wiper, cloned websites, and Cyclops Blink. This Thursday morning, Russia started its invasion on Ukraine and, as predicted, the attacks in the physical. Register here for the Wed., April 21 LIVE event. It does not matter if it is real or not, the important thing is that everyone be careful with this delicate subject. 
The WEF, Russia's Sberbank, and its cybersecurity subsidiary BIZONE announced in February that a new cyberattack simulation would occur July 9, 2021. The service also publishes an API, enabling developers to create new ways to interact with Discord other than through its client application. "Adversaries are most likely going to be affected by things like shutting down a server, shutting down a domain, blacklisting files," says Biasini. "Over the last several months we've seen tens of thousands, and the rate has been steadily increasing," says Biasini. In most cases, the [messages] themselves are consistent with what we have grown accustomed to seeing from malspam in recent years, Talos said. The easiest way for this to occur is when someone in your company neglects their privacy settings or publicly . And even for malware not hosted on Discord, the Discord API is fertile ground for malicious command and control network capability that conceals itself in Discord's TLS-protected network traffic (as well as behind the service's reputation). I'm not 100% sure, but I heard that tomorrow is a cyber attack event, on all social media platforms including discord there will be people trying to send you gore, extreme profanity, porn, racist slurs, and there will also be ip grabbers, hackers and doxxers. Recent cyber attacks have resulted in hundreds of millions of user records stolen, organizations held to ransom, and data being sold on the dark web. In another campaign using AsyncRAT, the malware downloader looked like a blank Microsoft document, but when opened used macros to deliver the bug. This type of spamming happened about 2 years ago (it was a big one), as far as I can remember: the massive flood of fake spam messages. It's not. :trollface: problem? The solutions, much like the threats themselves, need to be multi-faceted, according to experts. Increased social engineering attacks. 
In many cases, these token values were sent directly to other Discord channels or user accounts through the use of Discord's own API, by means of an HTTPS POST request to a specific URL on Discord. A variety of different compression algorithms typically come into the picture. You won free discord nitro, go-to site to claim it! At least they had SOME decency, only spamming in the spam channel. "It's the same old stuff: Don't click links from people you don't know." In other cases, hackers have integrated Discord into their malware for remote control of their code running on infected machines, and even to steal data from victims. One of the primary ways we've observed malware being deployed from Discord's CDN is through social engineering, using chat channels or private messages to post files or external links with deceiving descriptions as a lure to get others to download and execute them. Every company and organisation has data of value to cybercriminals who sell it on the Dark Net. While it's clear that some of the malware on Discord is specifically intended to disable computers or disrupt the ability of gamers to reach their platforms of choice, the prevalence of information stealers, remote access tools, and other criminal malware poses risks well beyond the gaming enthusiast sphere. Malware is a program that can attack your computer and is very harmful. REvil Demands $50M Ransom. Can businesses and/or users really attend to all of the inbound emails and messages that they receive these days? 
Operation Pridefall was a hoax made by 4chan as a threat to lower the reputation of the LGBT+ community. The Push to Ban TikTok in the US Isn't About Privacy. It's up to you to accept requests. It is big bullshit, cause why would it even happen? As for organizations who do use Discord and can't block it, or individual users who don't have enterprise-style security policies, he says they should learn to eye Slack and particularly Discord links just as warily as they do any other link that comes from a stranger. Cyber warfare is a twenty-first century concept, one that we have only begun to comprehend and develop. You have nothing to be afraid of in case you saw the message. While it would be impractical to list off the full set of static and behavioral detections that these files might trigger if executed on a protected machine, we can safely say that the full set of files has been processed by the Labs team, who ensured that our existing defenses could block any of these from causing damage. Hacked accounts anonymously deliver malware and may be repurposed for social engineering feats. Because so many of the files had been there for months, the destination servers did not respond, but we could observe the profiling data being written to the hard drive. Malicious links of this nature can evade security detection. At the time of writing, Discord does not implement client verification to prevent impersonation by way of a stolen access token, according to Talos. "We are working to enhance our processes to make it easier to report these types of issues, improve the way these issues are internally routed for faster triaging, and dedicate more resources to proactively identifying this type of abuse," the spokesperson writes. In April, Russian ransomware-as-a-service gang REvil hit Apple supplier Quanta with a $50 million ransomware attack. Here are 5 of the biggest cyber attacks of 2021. 
One of the key challenges associated with malware delivery is making sure that the files, domains or systems don't get taken down or blocked, Talos researchers explained in their report. And Apple iPhone, iPad, Mac and iWatch users should make sure the latest versions of their operating systems are installed. It's not real, it's not going to happen and the only people who believe this have an IQ of less than 20. The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level of cybercriminal expertise in attacking them. But fundamentally, how can any business or any user be expected to stay on top of the glut of communications channels today's workers are feverishly trying to maintain? Location: Russia and Ukraine. Cyber Attack is a series of annual events for Threat Intelligence, Cyber Security, Digital Investigation, Cyber Forensics, Artificial Intelligence, IoT, Machine Learning, Big Data and Fintech held throughout the Asia Pacific (APAC) region, including the Philippines, Australia, Hong Kong, Malaysia, Singapore, Taiwan, Vietnam, Thailand, China and more. Luke Irwin, 4th May 2021. And when users get caught, they can burn their account and create a new one. It's a technique routinely observed across malware distribution campaigns that focus on RATs, stealers and other types of data exfiltration tools. Sean Gallagher is a Senior Threat Researcher at Sophos. But Discord users should remain vigilant to the threat of malicious content on the service, and defenders should never consider any traffic from a cloud service as inherently safe based on the legitimacy of the service itself. Over the past year, they observed many common compression algorithms being used, including .ACE, .GZ, .TAR and .ZIP, and several less common types, like .LZH. The attackers . 
Unfortunately, 2021 was no stranger to these instances. The Security Station monitors and protects home networks from cyber attacks as well as manages the network. The growing popularity of the game-centric text and voice chat platform has not failed to draw the attention of malware operators. Employee monitoring increased with Covid-19's remote work, and stuck around for back-to-the-office. A new cyberattack simulation, Cyber Polygon, will occur in July 2021. The Android malware files were given names and icons that could lead someone to believe they are legitimate banking or game updater apps. Researchers witnessed this behavior across malware types, noting that a single Discord CDN showed nearly 20,000 results in VirusTotal. A figure that is set to rise further still as threats become more sophisticated and difficult to detect. At least one Discord network search emerged with 20,000 virus results, found some researchers. Please pass this on to any servers that you own or have admin perms and can server ping in to spread awareness. Any time it says tomorrow it doesn't come, it's just another day on discord, like any other. You should tell whoever sent you this to stop being a gullible idiot and stop spreading fear, and tell whoever they got it from the same thing. The High-Stakes Blame Game in the White House Cybersecurity Plan. They gave me Petya, which infected my hard drives. They log stolen tokens back to a Discord channel through a webhook connection, allowing their operators to collect the OAuth tokens and attempt to hijack access to the accounts. They can also be served up over email, where hackers can far more easily trawl for victims en masse, impersonate a victim's colleagues, and reach users with whom they have no previous connection. 
His work with the Labs team helps Sophos protect its global customers, and alerts the world about notable criminal behavior and activity, whether it's normal or novel. The list of top cyber attacks from 2020 includes ransomware, phishing, data leaks, breaches and a devastating supply chain attack with a scope like no other. This reminds me of the Instagram hoax where it's some crap that goes like "instagram is deleting accounts on old servers, post this to keep your account saved" or whatever. Endpoint protection (and at the enterprise level, TLS inspection) can offer protection against these threats, but Discord provides little protection against malware or social engineering itself; users of Discord can only report the threats they encounter and self-moderate, while new scams emerge daily. In addition to message and stream routing, Discord also acts as a content delivery network for digital content of all types. We observed significant volumes of malware hosted in Discord's own CDN, as well as malware interacting with Discord APIs to send and receive data. These have been disclosed to Discord, and the majority of them have since been removed; however, new malware continues to be posted into Discord's CDN, and we continue to find malware using Discord as a command and control network. It never has been any of the hundreds of times people have spread such stupid chain mail. Several generated popups within the device that demanded that the user activate them as a device admin, which gives the apps near-total control over the device. DO NOT BELIEVE THIS!! Messages were delivered by attackers in several languages, including English, Spanish, French, German and Portuguese, they added. Change control and vulnerability management as core security controls should be in place as well. The computer has to support USB-C DisplayPort VESA Alternate Mode for the 4K port to function. 
In April, we reported over 9,500 unique URLs hosting malware on Discord's CDN to Discord representatives. Without UAC, executables can run with administrative privileges without requiring the user to allow it. The versatility and accessibility of Discord webhooks makes them a clear choice for some threat actors, states the report. In one related campaign, AsyncRAT appeared as a blank Microsoft document. Now, a group of researchers has learned to decode those coordinates. The pace of attacks is relentless, leading to renewed efforts from President Joe Biden to "deliver" a message to Putin that they're unacceptable. This is all the more likely to occur when fake file links are shared within the confines of the collaboration app channel itself. The token logger also collects machine fingerprint data, and attempts to scrape other cookies and credential tokens from the target's machine as well, so there may be more damage done than just the loss of an account. An unknown hacking group is actively spreading a virus designed for Discord called the NitroHack malware. Please be careful tomorrow. Take a look for yourself! Feel free to contact me if you want more information about these two sons-of-bitches. Causing you to spread from server to server and spreading the fear to even more people. Simplification is one way to narrow the attack surface and make it reasonable for users to be mindful of the security of their interactions, Chris Hazelton with Lookout advised. 
These included a number of banking-focused malware and spyware, as indicated by the Sophos detections below: Tell the mods if you see a suspicious friend request from a stranger. Stay away from websites such as Omegle today and tomorrow to keep you safe from revealing your personal and private information. Please pass this on to any servers that you own or have admin perms and can server ping in to spread awareness. That payload, in turn, downloaded a DLL named TextEditor.dll from a different website, and injected it into a running system process. The researchers explained that Slack, Discord and other collaboration app platforms use content delivery networks (CDNs) to store the files shared back and forth within channels. Plus: The US Marshals disclose a major cybersecurity incident, T-Mobile has gotten pwned so much, and more. This functionality is not specific to Discord. IBM X-Force estimates that REvil made at least $123 . This is such fake news. One of the Linux-based malicious archives we retrieved was this file, named virus_de_prost_ce_esti.rar, which translates from the original Romanian language to "what a stupid virus you are". List of data breaches and cyber attacks in April 2021: 1 billion records breached. In many cases, the token stealers pose as useful utilities related to online gaming, as Discord is one of the most prevalent chat and collaboration platforms in use in the gaming community. Discord allows programmers to add "webhooks" to their code that automatically update a Discord channel with information from an application or website. A cyber attack crippled the internet for many customers across major cities in New Zealand on Friday. Information from the Discord CDN is commonly converted into the final malicious payload and hackers may load this onto systems remotely. Threat actors who spread and manage malware have long abused legitimate online services. 
Another malware sample we found advertised itself as an installer for Browzar, a privacy-oriented web browser. Spread this post to any of your friends who came across something like this, report people who do the things mentioned in num 6. Turn off your router for about 3-5 hours (or even more if you want to stay safer) and when you turn it back on, your IP will change. Discord responded to our reports by taking down most of the malicious files we reported to them. With more organizations using Discord as a low-cost collaboration platform, the potential for harm posed by the loss of Discord credentials opens up additional threat vectors to organizations. Log-in (site) to claim! In addition to profiling the system, many of the samples attempted to retrieve browser tokens that would permit their operators to log in to Discord using the victim's account, or installed keystroke logger components that monitored for user input and attempted to pass it along to a command and control server. It has been another month of comparatively few reported cyber attacks and data breaches, with our August list containing 84 incidents accounting for 60,865,828 breached records. Many of the programs used a variety of methods to profile the infected system and generate a data file they attempt to upload to a command-and-control server. And some Discord users clearly seek to use the platform to harm others' computers out of spite rather than for financial gain. In 2020, the coronavirus pandemic prompted the rapid expansion of the distributed workforce and in 2021, we've seen the cyber criminals cashing in. Step 1: Right-click the Start button and choose Device Manager from the list to open it. 
But the greatest percentage of the malware we found have a focus on credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs. Cyber attackers are targeting workflow and collaboration tools in order to deliver info-stealers, remote-access trojans (RATs) and other forms of malware. Among the malicious files we discovered in Discord's network, we found game cheating tools that target games that integrate with Discord, in-game. Most of the token stealers failed to retrieve a token from the testbed because the only credentials used for Discord on the test system were used in the Discord Windows app; the faux victim had never logged in to the service using the browser. By leveraging these chat applications that are likely allowed, they are removing several of those hurdles and greatly increase the likelihood that the attachment reaches the end user. Wtf man that messed up.. We also found applications that serve as nothing more than harmless, though disruptive, pranks. DO NOT AND I MEAN DO NOT BELIEVE THIS! Employees report attacks via Agent Tesla, AsyncRAT, FormBook and other infections. @everyone Please listen to the instructions in this message: it is not written by me, but this is a very real threat. These include .ACE, .GZ, .TAR and .ZIP, along with less commonly seen kinds, such as .LZH. A file called fortniat.exe, advertised as a multitool for Fortnite, was actually a malware packer that drops a Meterpreter backdoor. I know I can't be the only one to think this is bullshit. 
Cyber-attack Event means any actual or suspected unauthorized system access, electronic attack, or privacy breach, including denial of service attack, cyber terrorism, hacking attack, Trojan horse, phishing attack, man-in-the-middle attack, application-layer attack, compromised key attack, malware infection (including spyware or Ransomware) or computer virus. Cyber Attack Event Manila Series provides the Philippines' IT executives an opportunity to gather for a day of networking, collaboration, knowledge transfer through peer-led keynotes, breakouts, panels, and networking sessions. But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims, sometimes in unexpected ways. With merely a few stolen access tokens, an attacker can employ a truly effective malware campaign infrastructure with very little effort. In addition, the ability to maintain anonymity throughout this process represents a significant draw for hackers. Discord's servers are Google Cloud instances of Elixir Erlang virtual machines, front-ended by Cloudflare.