A malware campaign is using Discord to lure victims into installing a remote access trojan (AsyncRAT) and the Skuld Stealer spyware, which focuses on stealing wallets such as Exodus and Atomic (probably many other wallets), as well as passphrases and other personal information (which may be financially relevant to hackers).
The attack exploits expired or deleted invitation codes, even blocked ones, redirecting users to phishing sites, where they are tricked into performing a "security check", a fake CAPTCHA verification that executes a malicious JavaScript script to the clipboard after the victim executes the code on Windows (or another operating system).
From what I understand, the malware also employs a wallet injection technique, replacing legitimate files with malicious versions hosted on GitHub and other trusted services.
Read the news for all the details:
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
This ability to reuse Discord expired or deleted codes when creating custom vanity invite links opens the door to abuse, allowing attackers to claim it for their malicious server.
"This creates a serious risk: Users who follow previously trusted invite links (e.g., on websites, blogs, or forums) can unknowingly be redirected to fake Discord servers created by threat actors," Check Point said.
That said, be careful with your cold and hot wallets, don't click on suspicious invitation links, and don't download or emulate pirated games, because even though this attack was disclosed by reliable sources (Discord), many victims are deceived and have their data and funds stolen. In addition, keep your software and OS updated, and always check the PGP signature of your software whenever possible.
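For anyone who has published Discord invite links on a website, blog, or forum, the risk quoted above can be checked from the owner's side. The following is an added example, not part of the original post or the cited report: it extracts invite codes from page text and flags any that no longer resolve, or that resolve to a server other than your own. The expected guild ID, the sample text, and the stubbed lookup are constructed assumptions; `discord_lookup` assumes Discord's public `GET /invites/{code}` endpoint.

```python
import json
import re
import urllib.error
import urllib.request

# Matches discord.gg/<code> and discord.com/invite/<code> (also discordapp.com).
INVITE_RE = re.compile(
    r"(?:https?://)?(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)",
    re.IGNORECASE,
)

def extract_codes(text):
    """Return the unique invite codes found in text, in order of appearance."""
    return list(dict.fromkeys(INVITE_RE.findall(text)))

def discord_lookup(code):
    """Resolve an invite to its guild ID; None if the code is unknown."""
    url = "https://discord.com/api/v10/invites/" + code
    req = urllib.request.Request(url, headers={"User-Agent": "invite-audit/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            guild = json.load(resp).get("guild") or {}
            return guild.get("id")
    except urllib.error.HTTPError as err:
        if err.code == 404:  # expired or deleted invite
            return None
        raise

def audit(text, expected_guild_id, lookup=discord_lookup):
    """Classify each invite code in text as 'ok', 'dead' or 'foreign'."""
    report = {}
    for code in extract_codes(text):
        guild_id = lookup(code)
        if guild_id is None:
            report[code] = "dead"     # free to be claimed by someone else: remove the link
        elif guild_id == expected_guild_id:
            report[code] = "ok"
        else:
            report[code] = "foreign"  # now points at a server you do not run
    return report

# Constructed sample page text and stubbed lookup so the example runs offline.
SAMPLE = ("Join us: https://discord.gg/oldCode1 or discord.com/invite/ourVanity, "
          "see also discord.gg/oldCode2")
FAKE = {"ourVanity": "111", "oldCode1": "999"}

if __name__ == "__main__":
    print(audit(SAMPLE, "111", lookup=FAKE.get))
```

Any code reported as `dead` or `foreign` should be removed from the page or replaced with a current invite.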