Recent security threats identified in Discord demonstrate how attackers are using the invitation system to distribute malware targeted at crypto users.
Discord Invite Link Issues
According to a report by Check Point, attackers exploit vulnerabilities in Discord’s invitation system to deliver malware known as Skuld and the AsyncRAT remote access Trojan. They hijack vanity links, allowing them to redirect users from trusted sources to malicious servers.
Malware Functions
The Skuld malware can harvest seed phrases from crypto wallets such as Exodus and Atomic using a wallet injection method: it replaces the original application files with trojanized versions downloaded from GitHub. Another loader, Goland, is used to steal sensitive data from various browsers and platforms.
User Deception Methods
Attackers use legitimate invitation links to redirect users to malicious servers. Victims are forced to enter their information to verify access to the server, after which their systems are infected through social engineering tactics.
The identified campaigns illustrate how criminals undermine user trust in the Discord platform by exploiting its features for their own purposes.
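For server owners, the redirection described above can be checked for by auditing every invite link they have published against the server it is supposed to open. The following is an added example, not code from Check Point or Discord; the page text, guild IDs and resolver table are constructed, and a live resolver (Discord's invite lookup, `GET /invites/{code}`) is assumed to return the target server under `guild.id`.

```python
import re

# Matches discord.gg/<code> and discord.com/invite/<code> (also discordapp.com).
INVITE_RE = re.compile(
    r"(?:https?://)?(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)",
    re.IGNORECASE,
)

def extract_invite_codes(text):
    """Return the invite codes found in text, in order, without duplicates."""
    codes = []
    for code in INVITE_RE.findall(text):
        if code not in codes:
            codes.append(code)
    return codes

def audit_invites(text, expected_guild_id, resolve):
    """Classify every invite link in text.

    resolve(code) returns the invite metadata as a dict, or None when the
    code no longer resolves. Result values: "ok", "wrong-guild", "unresolved".
    """
    findings = {}
    for code in extract_invite_codes(text):
        meta = resolve(code)
        if meta is None:
            findings[code] = "unresolved"    # dead link: remove it from the page
        elif str((meta.get("guild") or {}).get("id")) != str(expected_guild_id):
            findings[code] = "wrong-guild"   # link now opens someone else's server
        else:
            findings[code] = "ok"
    return findings

# Constructed sample: a project page carrying three invite links.
SAMPLE_PAGE = """
Join our community: https://discord.gg/exampleproject
Support chat: discord.com/invite/Ab3dEfGh
Old event link: https://discord.gg/old-promo.
"""
EXPECTED_GUILD_ID = "111111111111111111"  # constructed ID of the real server
# Constructed stand-in for the live invite lookup.
SAMPLE_RESOLVED = {
    "exampleproject": {"guild": {"id": "999999999999999999"}},
    "Ab3dEfGh": {"guild": {"id": "111111111111111111"}},
}

if __name__ == "__main__":
    for code, status in audit_invites(SAMPLE_PAGE, EXPECTED_GUILD_ID, SAMPLE_RESOLVED.get).items():
        print(f"{code}: {status}")
```

Any link reported as `wrong-guild` or `unresolved` should be removed or replaced wherever it was published.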