FlagThis - #discord

A critical vulnerability in Discord's invitation system has been identified, enabling malicious actors to hijack expired or deleted invite links and redirect unsuspecting users to harmful servers. Check Point Research (CPR) uncovered this flaw, revealing that attackers are exploiting a Discord feature that allows the reuse of expired or deleted invite links. By registering vanity links, attackers can silently redirect users from trusted sources, such as community forums and social media posts, to malicious servers designed to deliver malware.

CPR's research details real-world attacks leveraging hijacked links to deploy sophisticated phishing schemes and malware campaigns. These campaigns often involve multi-stage infections that evade detection by antivirus tools and sandbox checks. The attack tricks users with a fake verification bot and phishing site that look like legitimate Discord servers, leading victims to unknowingly run harmful commands that download malware on their computer. The malware spreads quietly in multiple steps using popular, trusted services like GitHub and Pastebin to hide its activity and avoid detection.

The attackers are primarily targeting cryptocurrency users, with the goal of stealing credentials and wallet information for financial gain. Over 1,300 downloads have been tracked across multiple countries, including the U.S., Vietnam, France, Germany, and the UK, demonstrating the global scale of the campaign. The delivered malware includes remote access trojans (RATs) like AsyncRAT and information-stealing malware like Skuld Stealer, posing a significant threat to users' security and privacy.


References :

• blog.checkpoint.com: Attackers took advantage of a Discord feature that lets expired or deleted invite links be reused, allowing them to hijack trusted community links and redirect users to harmful servers.
• cyberinsider.com: Expired Discord Invites Hijacked for Stealthy Malware Attacks
• Virus Bulletin: Check Point Research uncovered an active malware campaign exploiting expired & released Discord invite links.
• bsky.app: Hackers are hijacking  expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware.
• research.checkpoint.com: From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery
• The Hacker News: Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
• The DefendOps Diaries: Discord Flaw Exploitation: A Detailed Analysis of Reused Expired Invites in Malware Campaigns
• CyberInsider: Expired Discord Invites Hijacked for Stealthy Malware Attacks
• BleepingComputer: Discord flaw lets hackers reuse expired invites in malware campaign
• Check Point Research: From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery

Classification:

• HashTags: #Cybersecurity #Discord #Malware
• Company: Check Point Research
• Target: Discord Users
• Product: Discord
• Feature: Invite Hijacking
• Malware: AsyncRAT
• Type: Malware
• Severity: Major