1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Cybercriminals are targeting gamers with expired Discord invite l

    From TechnologyDaily@1337:1/100 to All on Sat Jun 21 19:30:09 2025
    Cybercriminals are targeting gamers with expired Discord invite links which redirect to malware servers - here's how to stay safe

    Date:
    Sat, 21 Jun 2025 18:27:00 +0000

    Description:
    Expired Discord invite links are being hijacked to redirect users into
    malware traps targeting gamers.

    FULL STORY ======================================================================Cybercri minals are recycling expired Discord links to launch silent, devastating multi-stage malware attacks A fake Discord bot tricks users into running PowerShell commands disguised as CAPTCHA fixes Old community invite links now lead to malware servers stealing your data and digital assets

    Cybercriminals are increasingly exploiting a lesser-known flaw in Discords invitation system to target unsuspecting users, particularly gamers, new research has claimed.

    A report from researchers from Check Point found attackers manage to register previously valid invite links with custom vanity URLs.

    The tactic involves hijacking once legitimate and trusted expired or deleted Discord invite links and redirecting them to malicious servers hosting multi-stage malware campaigns. From trusted links to dangerous redirects

    These hijacked links, often embedded in old forum posts, community pages, or social media, are being used to silently funnel users to Discord servers operated by threat actors.

    Once on these fake servers, users are greeted with what appears to be a standard verification process.

    A bot named Safeguard prompts visitors to click a Verify button, which initiates an OAuth2 process and redirects them to a phishing site.

    The site employs a social engineering method called ClickFix, where users are tricked into copying and running a PowerShell command under the guise of fixing a broken CAPTCHA.

    This action silently launches the malware installation chain, with the attackers using cloud services such as Pastebin, GitHub, and Bitbucket to deliver the payloads in multiple stages, allowing them to blend into normal network traffic.

    Initial scripts download executables that retrieve further encrypted
    payloads, which include AsyncRAT, a tool that gives attackers remote control over infected systems, and a tailored variant of the Skuld Stealer designed
    to extract credentials and cryptocurrency wallet data.

    Gamers have become a prime target, with campaigns even disguising malware as tools like The Sims 4 DLC unlockers - one archive named Sims4-Unlocker.zip
    was downloaded over 350 times, highlighting the campaign's reach.

    Through clever evasion techniques such as delayed execution and command-line argument checks, the malware often bypasses detection from even the best antivirus software .

    The threats extend beyond typical malware infections. The Skuld Stealer used in these attacks can extract crypto wallet seed phrases and passwords, effectively granting full control over victims digital assets.

    Considering the focus on cryptocurrency theft and credential harvesting, individuals should reinforce their defenses with robust identity theft protection services.

    These tools can monitor for unauthorized use of personal information, alert users to breaches, and assist in recovering compromised digital identities.

    While some might assume that endpoint protection tools would shield them from these tactics, the multi-layered, modular structure of the attack often flies under the radar.

    To stay safe, users must be wary of Discord invite links, especially those embedded in old content. Also, avoid running unexpected scripts or following suspicious verification steps. You might also like These are the best
    internet security suites available Take a look at our pick of the best best VPNs with antivirus you can use right now World's largest AI chip maker hit
    by crypto scam - Cerebras says token isn't real, so don't fall for it



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cybercriminals-are-targeting-gamers-wit h-expired-discord-invite-links-that-redirect-to-malware-servers-heres-how-to-s tay-safe


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)