Threat on Discord targets cryptocurrency and NFT enthusiasts

Discord, the popular communications app, is once again being used as a threat vector against cryptocurrency and NFT enthusiasts. The malware is hidden, encrypted, inside installers offered at links posted on public channels of the cross-platform application. So far, it is not known what the criminals are aiming for.

According to researchers at the cybersecurity company Morphisec, the threat has been active since May, with its creators using a crypter called Babadeda (a Russian expression meaning grandfather and grandmother) to implant the malware in installers for programs and applications that appear harmless.

The threat is mainly being distributed on Discord’s public servers aimed at discussing the cryptocurrency market and NFTs. Criminals often post to these channels or send private messages to users advertising the apps.

In some cases, they may even pose as familiar projects, such as the crypto game Mines of Dalama, with criminals creating fake websites that closely imitate the real pages to increase potential victims’ confidence that everything is legitimate.

In addition to the similarity to the official versions, these fake sites allow HTTPS connections, which causes browsers to display the green padlock next to the address bar, helping victims to feel safe on the page.

If users download and run the supposed installers, their devices can be infected with Remcos, malware that allows remote access and control of machines; or with BitRAT, a remotely managed Trojan that can download other threats to the affected computer, such as ransomware.

So far, it is not known what the criminals are aiming for with this attack. Since the targets are cryptocurrency enthusiasts, the most plausible speculation is that they are planning to steal the victims’ assets.

The Discord attack is persistent

Although the criminals’ objective has yet to be discovered, the campaign is dangerous for all the reasons mentioned above and for its possibility of persistence.

This means that even when the infection is detected and removed by an antivirus solution, if the criminals have configured the installer to set up a persistence mechanism, the threat comes back when the computer restarts, keeping the device compromised.

For now, the only solutions to this attack are security products that can protect specific parts of a computer’s memory, such as Norton 360, Bitdefender and Kaspersky Internet Security.
