The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach. The advanced evasion techniques used in the PyPI malware packages signal a disturbing trend: attackers are becoming stealthier in their attacks on open source software.

Hot on the heels of that report, we are now sharing the findings of our most recent body of work: disclosing 17 malicious packages in the npm (Node.js package manager) repository that were picked up by our automated scanning tools. Many of them intentionally seek to attack a user’s Discord token, which is a set of letters and numbers that acts as an authorization code to access Discord’s servers. Put plainly: obtaining a victim’s Discord token gives the attacker full access to the victim’s Discord account.

We disclosed these 17 malicious packages to the npm code maintainers, and the packages were promptly removed from the npm repository, a good indication that these packages were indeed causing issues. Luckily, these packages were removed before they could rack up a large number of downloads (based on npm records), so we managed to avoid a scenario similar to our last PyPI disclosure, where the malicious packages were downloaded tens of thousands of times before they were detected and removed.

The packages’ payloads are varied, ranging from infostealers up to full remote access backdoors. Additionally, the packages use different infection tactics, including typosquatting, dependency confusion and trojan functionality. Before we dive into the details of what we discovered and how you can best protect yourself against this threat, we also recommend reading our article on best practices for vulnerability scanning.

The “infection method” was guessed from package metadata; actual attacks were not observed.

We’ve recently seen a surge of Discord token-grabbing malware, previously in our PyPI publications (e.g. noblesse, DiscordSafety) and now also in the npm repository. Discord is a ubiquitous digital communication platform with over 350 million registered users that enables communication via voice calls, video calls, text messaging and media files (or other arbitrary files). This is done either privately (user to user) or within persistent virtual rooms called “servers.”

With this in mind, one might wonder: why steal Discord tokens? From our research, we have hypothesized several enticing reasons:

Using the platform as part of an attack. Discord servers are often used as anonymous command & control (C2) servers, controlling a Remote Access Trojan (RAT) or even an entire botnet. Alternatively, Discord servers can be used as an anonymous exfiltration channel. In our previous research, we noted that the “noblesse” malware family uses Discord webhooks to exfiltrate stolen data.

If an attacker obtains arbitrary Discord users/servers, this allows for better attack anonymization, since any attack using these credentials would be traced to the legitimate user and not the attacker.

Hacked Discord accounts can be used for social engineering purposes, to keep spreading malware, either manually or automatically via a worm. A victim is much more likely to accept (and execute) an arbitrary file from a friend’s account on Discord than a file sent by a complete stranger.

Discord operates a premium service called “Discord Nitro.” This service currently costs $100 per year and unlocks several cosmetic options for the user (emojis, badges, etc.) and the option to “boost” chosen servers, which enhances the call and video quality of streams on that server.

The README of the “Hazard v2” grabber, as it appears on this page:

Hazard was made for educational purposes, therefore all consequences caused by your actions are your responsibility and accountability.

Why choose hazard v2? ┋ Want an even better grabber? ┋ Why Hazardv2 won't be more OP

> Supports /Rdimo/Discord-Webhook-Protector so webhook can't be deleted or spammed
> Pretty Fast Even if it Was Made With Python
> Their Passwords & Credit Cards for Discord (updates when they change it) (Bypasses BetterDiscord, Token Protector and Discord's new encryption)
> All Passwords, Cookies and History from Google

Open up main.py with notepad or some other editor. Locate the config at the top of the file and replace "WEBHOOK_HERE" with your discord webhook. Double click setup.bat and allow it to finish. A window will open prompting for a name. Put something in such as "Token_Logger" (you can always rename the file later). If you want to change the config, open up main.py and locate it at the top.
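The article names typosquatting and Discord webhooks used as an exfiltration channel as indicators of this package family, and the grabber README shows the same artifact from the other side: a hardcoded webhook URL in the script's config. The following is an added example, not JFrog's tooling and not code from any of the packages or from the Hazard project: a Node.js pre-install triage pass that flags a package name within a couple of edits of a popular name, hardcoded Discord webhook URLs in package files (including ones hidden as base64 literals, a common obfuscation), and install-time lifecycle scripts. The popular-name list, the `triagePackage` input shape and the sample package are constructed for the demo; the install-hook check is a general npm check added here as an assumption about where such payloads commonly run, not a claim from the article.

```javascript
// Added example (not JFrog's code, not any package's code): pre-install triage of
// an npm package for indicators discussed in the article. The popular-name list,
// the package input shape and the sample package below are constructed.

// Popular package names a typosquat would imitate (constructed short list).
const POPULAR_NAMES = ['discord.js', 'express', 'lodash', 'axios', 'react'];

// Plain Levenshtein edit distance between two strings.
function editDistance(a, b) {
  const rows = a.length + 1, cols = b.length + 1;
  const dp = Array.from({ length: rows }, (_, i) => {
    const row = new Array(cols).fill(0);
    row[0] = i;
    return row;
  });
  for (let j = 0; j < cols; j++) dp[0][j] = j;
  for (let i = 1; i < rows; i++) {
    for (let j = 1; j < cols; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[rows - 1][cols - 1];
}

// Popular names within `maxDistance` edits of the candidate name (scope stripped).
function typosquatCandidates(name, popular = POPULAR_NAMES, maxDistance = 2) {
  const bare = name.replace(/^@[^/]+\//, '').toLowerCase();
  return popular.filter(p => p !== bare && editDistance(bare, p) <= maxDistance).sort();
}

// Discord webhook URL shape: https://discord.com/api/webhooks/<id>/<token>
// (ptb/canary/discordapp.com variants included).
const WEBHOOK_RE = /https?:\/\/(?:ptb\.|canary\.)?discord(?:app)?\.com\/api\/webhooks\/(\d+)\/([\w-]+)/g;
// Long base64-looking literals are decoded and rescanned; non-URL decodes
// simply fail to match WEBHOOK_RE and are ignored.
const BASE64_RE = /[A-Za-z0-9+/]{24,}={0,2}/g;

function findDiscordWebhooks(source) {
  const hits = new Map(); // keyed by URL so the same webhook is reported once
  const scan = (text, encoding) => {
    for (const m of text.matchAll(WEBHOOK_RE)) {
      if (!hits.has(m[0])) hits.set(m[0], { url: m[0], id: m[1], encoding });
    }
  };
  scan(source, 'plain');
  for (const m of source.matchAll(BASE64_RE)) {
    scan(Buffer.from(m[0], 'base64').toString('utf8'), 'base64');
  }
  return [...hits.values()];
}

// Lifecycle scripts that npm runs automatically during `npm install`
// (general npm behaviour, assumed relevant here rather than stated by the article).
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

function installHooks(packageJson) {
  const scripts = packageJson.scripts || {};
  return INSTALL_HOOKS.filter(h => typeof scripts[h] === 'string');
}

// pkg: { packageJson: <parsed package.json>, files: { [path]: content } } (assumed shape)
function triagePackage(pkg) {
  const webhooks = [];
  for (const [path, content] of Object.entries(pkg.files)) {
    for (const hit of findDiscordWebhooks(content)) webhooks.push({ path, ...hit });
  }
  const typosquat = typosquatCandidates(pkg.packageJson.name);
  const hooks = installHooks(pkg.packageJson);
  return { typosquat, webhooks, hooks, suspicious: typosquat.length > 0 || webhooks.length > 0 };
}

// Constructed sample package (not a real one): near-miss name, base64-hidden
// webhook with a placeholder id/token, payload wired to postinstall.
const SAMPLE_WEBHOOK = 'https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN-PLACEHOLDER';
const samplePackage = {
  packageJson: { name: 'discordjs', version: '1.0.0', scripts: { postinstall: 'node index.js' } },
  files: {
    'index.js': `const hook = Buffer.from("${Buffer.from(SAMPLE_WEBHOOK).toString('base64')}", "base64").toString();\n`
  }
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(triagePackage(samplePackage), null, 2));
}
```

Run with `node triage.js` to see the sample flagged on all three counts. The base64 rescan is the part worth keeping in any real pipeline: a grep for `discord.com/api/webhooks` misses the common case where the URL is stored encoded and decoded at runtime, which is exactly the pattern the sample reproduces.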