The following analysis and screenshots are based on a malware sample with the SHA256 hash c92a7425959121ff49970c53b78e714b9e450e4b214ac85deb878d0bedf82a70.

Developer environments hosted in the cloud like GitHub Codespace have given developers the opportunity to work from any location, but for all the freedom and flexibility they offer, they aren’t immune to attackers abusing these services. In this blog post, we detail our findings on how this info stealer is able to achieve persistence on a victim’s machine by modifying the victim’s Discord client.

In our previous entry, we examined a Rust-based info stealer targeting Windows platforms that has anti-analysis and anti-debug procedures, and uses the file-sharing and storage platform Gofile and a Codespace-based webhook to exfiltrate Chromium-based browser credentials, credit cards, cryptocurrency wallets, and Steam and Discord tokens.

With 150 million monthly active users worldwide, its growth has made Discord an attractive target for malicious actors looking to use its servers as a hub of illegal activity or an untapped hunting ground rife with potential victims. Discord's transition into mainstream appeal has been a double-edged sword: The surge of new users that flocked to the platform during the pandemic brought with it a growing cybercriminal presence that has raised concerns over security and privacy risks.