Summary:
Discord’s growing popularity has made it a prime target for cybercriminals, particularly in 2024. Attackers exploit gaming communities on the platform to deploy malicious packages that can steal sensitive information and hijack accounts. Recent research highlights various harmful packages and their techniques, emphasizing the need for heightened security awareness among users.
#DiscordSecurity #MaliciousPackages #OpenSourceThreats
Discord’s growing popularity has made it a prime target for cybercriminals, particularly in 2024. Attackers exploit gaming communities on the platform to deploy malicious packages that can steal sensitive information and hijack accounts. Recent research highlights various harmful packages and their techniques, emphasizing the need for heightened security awareness among users.
#DiscordSecurity #MaliciousPackages #OpenSourceThreats
Keypoints:
Discord has over 614 million registered users, making it an attractive target for attackers.
70% of users engage in gaming, which is often exploited by cybercriminals.
Malicious code targeting Discord is frequently uploaded to public package registries.
Packages like ‘djs-colours’ and ‘discord.js-sound’ have been identified as harmful, executing malicious files upon download.
Dynamic analysis revealed suspicious activities, including registry modifications and file downloads.
Multiple packages exhibit similar malicious patterns, indicating a trend in supply chain attacks on the open-source ecosystem.
MITRE Techniques
Execution (T1203): Executes malicious code downloaded from compromised packages.
Credential Dumping (T1003): Monitors user actions to capture sensitive information like tokens.
Command and Control (T1071): Utilizes Discord’s infrastructure to maintain communication with compromised systems.
Exfiltration Over Command and Control Channel (T1041): Transfers stolen data through the same channels used for command and control.
IoC:
[URL] hxxps://cdn.discordapp.com/attachments/1226837177728503868/1226837233776984186/Uninstall-Node.js.exe
[URL] hxxps://cdn.discordapp.com/attachments/1196096543380471808/1197649993318805625/updater.exe
[URL] hxxps://cdn.discordapp.com/attachments/1199378108181131297/1199378245481660556/TankuumSetup.exe
[URL] hxxps://cdn.discordapp.com/attachments/1213492000243056683/1213492205113712660/Tankuum-Install.exe
[URL] hxxps://cdn.discordapp.com/attachments/1208807524732637188/1208878059499946054/HEosnziOZnnae2.exe
[URL] hxxps://nftstorage.link/ipfs/bafybeic6ynabp3it46jpokbvohdr2ipkrojw2nbxun42ls6r4df6h3a53e/app.exe
[URL] hxxps://dl.dropbox.com/scl/fi/jjtrgmwdcc4mfddjdajdi/discordpy.exe
Full Research: https://socket.dev/blog/trends-in-malicious-packages-targeting-discord