Hunting through telemetry, we found 58 unique malicious apps that can be run on Android devices. Employees report attacks via Agent Tesla, AsyncRAT, FormBook and other infections. April 12, 2021 EXECUTIVE SUMMARY: At least one search of the Discord network turned up 20,000 virus results, some researchers found. SophosLabs Principal Researcher Andrew Brandt blends a 20-year journalism background with deep, retrospective analysis of malware infections, ransomware, and cyberattacks as the editor of SophosLabs Uncut. To illustrate the type of attacks that have occurred on the Discord platform, researchers used a screenshot showing a first-stage malware tasked with retrieving an ASCII blob from a Discord CDN. Discord relies heavily on user reports to police abuse. You kids need to read up on "Chain Mail Letters". Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks. Cyber-attack Event means any actual or suspected unauthorized system access, electronic attack, or privacy breach, including denial of service attack, cyber terrorism, hacking attack, Trojan horse, phishing attack, man-in-the-middle attack, application-layer attack, compromised key attack, malware infection (including spyware or ransomware) or computer virus. "If you have never clicked a Discord URL before, don't start now. You have nothing to be afraid of in case you saw the message."
But the greatest percentage of the malware we found has a focus on credential and personal information theft: a wide variety of stealer malware as well as more versatile RATs. Phony messages arrived in several different languages. One of the primary ways we've observed malware being deployed from Discord's CDN is through social engineering, using chat channels or private messages to post files or external links with deceiving descriptions as a lure to get others to download and execute them. According to FortiGuard Labs, 2022 is shaping up to be a banner year for cybercriminals, with ransomware on the rise and an unprecedented number of attackers lining up to find a victim. Most routers/modems do this; if your router/modem doesn't do it, browse these search results here. And even for malware not hosted on Discord, the Discord API is fertile ground for malicious command-and-control network capability that conceals itself in Discord's TLS-protected network traffic (as well as behind the service's reputation). One strategy might be for organizations to narrow the attack surface. Threat actors who spread and manage malware have long abused legitimate online services. Rather than encrypting files, this ransomware locks the victim out of the desktop environment. "Don't be online tomorrow, there is a possible cyber attack on Oct 12. If you see this, copy and paste this in every server and make everyone aware, don't acc." Colonial Pipeline: In May of 2021, hackers identified as DarkSide accessed the Colonial Pipeline network in an attack involving multiple stages against Colonial Pipeline IT systems. iOS and iPadOS are now on version 14.6.
In another campaign using AsyncRAT, the malware downloader looked like a blank Microsoft document, but when opened used macros to deliver the bug. The files will then be compressed, further hiding the malicious content. Taking place on July 9, 2021, Cyber Polygon this time is about simulating a cyber attack on the digital data streams that have skyrocketed during the coronavirus pandemic. Fortunately, in those cases, the sites had already locked or taken down the payload script, so the stealer failed to complete its task. Registry Run entries are designed to invoke the malware after system restarts. We observed significant volumes of malware hosted in Discord's own CDN, as well as malware interacting with Discord APIs to send and receive data. As for organizations who do use Discord and can't block it, or individual users who don't have enterprise-style security policies, he says they should learn to eye Slack and particularly Discord links just as warily as they do any other link that comes from a stranger. It's not. That's why I left the majority of random public servers and I don't regret it to this day. The data from the Discord CDN is converted into the final malicious payload and injected remotely, the report said. 'You've won Crimson Dissolver!' Cyber attackers are targeting workflow and collaboration tools in order to deliver info-stealers, remote-access trojans (RATs) and other forms of malware. The hijacking of accounts with this information has cropped up as an issue. Causing you to spread from server to server and spreading the fear to even more people. It's not unusual for Agent Tesla malware to download payloads as part of its infection process, but it was unexpected to find that the payload was also hosted in Discord's CDN.
Servers can be public or private; a server owner can require invite keys for individuals to join the server's channels and access content. On the business side, Mark Kedgley, CTO at New Net Technologies, recommends focusing on user privileges. The links don't have to be delivered to victims inside of Slack or Discord. Occasionally, we'd also stumble across a malware that attempted to send the data to a channel on Slack. "Also, make sure to be offline tomorrow, which gives you less chance for this to happen to you." Like Discord's server instances, the storage objects are front-ended by Cloudflare. As an example, Talos cited the Discord CDN, which is reachable via a hardcoded CDN URL from anywhere, by anyone on the internet. "Over the last several months we've seen tens of thousands, and the rate has been steadily increasing," says Biasini. Discord token loggers steal the OAuth tokens used to authenticate Discord users, frequently along with other credential data and system information, including tokens for Steam and other gaming platforms. We also encountered several ransomware families hosted in the Discord CDN, largely older ones, usable only to cause harm, as there's no longer a way to pay the ransom. "The official 'Among Us Cafe' was hacked this morning and shit got out of control!!" A figure that is set to rise further still as threats become more sophisticated and difficult to detect. This simulated exercise will take place at the WEF's annual 'Cyber Polygon' digital event. This is the second unclassified annual cyber threat report since ASD became a statutory agency in July 2018. A Slack spokesperson responded with a statement pointing out that since February, Slack has blocked .exe files from being shared via external links and has blocked many other potentially dangerous file types on Slack Connect, which allows users to send messages between Slack installations.
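Both halves of the pattern described above, the hardcoded CDN attachment URL that any client can fetch and the Discord API traffic that hides command-and-control inside ordinary TLS to discord.com, are plain HTTPS to a handful of well-known hosts, so a web proxy or EDR network log is the cheapest place to spot them. The Python below is an added example written for this page; it is not code from Sophos, Talos or Discord. The log lines are constructed, the channel, attachment and webhook IDs are placeholders, and the URL shapes it keys on (cdn.discordapp.com/attachments/<channel>/<attachment>/<file> and discord.com/api/webhooks/<id>/<token>) and the list of risky extensions are assumptions drawn from Discord's public URL formats and the archive types named in this text.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log (not real traffic). The numeric IDs are
# placeholders and the webhook token is made up.
SAMPLE_LOG = """\
2021-04-12T10:01:33Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/1111/2222/Roblox_hack.exe 200
2021-04-12T10:01:40Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/1111/2223/schedule.pdf 200
2021-04-12T10:02:05Z 10.0.0.12 POST https://discord.com/api/webhooks/3333/AbCd_efGh-1234 204
2021-04-12T10:02:10Z 10.0.0.15 GET https://www.example.com/index.html 200
2021-04-12T10:02:12Z 10.0.0.15 GET https://discord.com/channels/@me 200
"""

# Hosts that serve user-uploaded attachments (assumption: Discord's public CDN names).
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}

# Webhook endpoint shape: /api/webhooks/<id>/<token>. A POST here from a
# non-browser process is the exfiltration / C2 pattern the text describes.
WEBHOOK_RE = re.compile(
    r"^https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_-]+)"
)

# Extensions worth a second look when pulled from a chat CDN: executables,
# scripts, and the archive types mentioned on this page (.ACE, .GZ, .TAR, .ZIP, .LZH).
RISKY_EXT = {".exe", ".dll", ".scr", ".msi", ".hta", ".lnk", ".jar", ".js",
             ".vbs", ".ps1", ".bat", ".cmd", ".ace", ".gz", ".tar", ".zip",
             ".lzh", ".rar", ".7z"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def classify_url(url):
    """Return a finding dict for a Discord CDN attachment or webhook URL, else None."""
    m = WEBHOOK_RE.match(url)
    if m:
        return {"kind": "webhook", "url": url, "webhook_id": m.group(1), "risky": True}
    p = urlparse(url)
    if p.netloc.lower() in CDN_HOSTS and p.path.startswith("/attachments/"):
        # urlparse has already split off any query string, so the last path
        # component is the uploaded filename.
        filename = p.path.rsplit("/", 1)[-1]
        ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
        return {"kind": "cdn_attachment", "url": url, "filename": filename,
                "ext": ext, "risky": ext in RISKY_EXT}
    return None


def triage(log_text):
    """Scan every URL in the log and collect Discord-related findings with line numbers."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for url in URL_RE.findall(line):
            finding = classify_url(url)
            if finding:
                finding["line"] = lineno
                findings.append(finding)
    return findings


def risky_findings(log_text):
    """Only the findings an analyst should look at first."""
    return [f for f in triage(log_text) if f["risky"]]


if __name__ == "__main__":
    for f in risky_findings(SAMPLE_LOG):
        print(f"line {f['line']}: {f['kind']} {f.get('filename', f['url'])}")
```

On the constructed log this flags the .exe attachment and the webhook POST and ignores the PDF and the ordinary discord.com page load. Outright blocking cdn.discordapp.com, as suggested later on this page, is the blunt version of the same control; the triage above is for environments that cannot block Discord but can at least alert on executable attachments and on webhook traffic from processes that are not the Discord client.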
Once it has evaded detection by security, it's just a matter of getting the employee to think it's a genuine business communication, a task made easier within the confines of a collaboration app channel. "If you don't believe it, it's fine, neither do I, but it's just to be safe.) Tips for everyone to be safe: check 'Keep me safe' in Privacy and Safety. Don't accept friend requests from anyone that doesn't have any mutual servers/friends with you. Keep calm, stay safe." This is such fake news. Cybercrimes are estimated to cost the Australian economy billions of dollars (1.9% of GDP), and that does not take into account the significant number of online crimes and fraud in 2021. DO NOT, AND I MEAN DO NOT, BELIEVE THIS! It has been another month of comparatively few reported cyber attacks and data breaches, with our August list containing 84 incidents accounting for 60,865,828 breached records. As a result, users may respond too quickly or share information across communication tools without much thought, leading to diminished security and the escalation of a potential threat. Russia maintains one of the world's most . This communication flow can also be used to alert attackers when there are new systems available to be hijacked, and delivers updated information about those they've already infiltrated, Talos said. A message has been going from server to server, spreading like a virus; it's about the 'Pridefall' cyber-attack event. Both Discord and Slack allow users to upload files to their servers and create externally accessible links to those files, so that anyone can click on the link and access the file. Acer: Acer was hit with multiple cyber attacks in 2021. And some Discord users clearly seek to use the platform to harm others' computers out of spite rather than for financial gain. Apr 7, 2021 8:00 AM: Hackers Are Exploiting Discord and Slack Links to Serve Up Malware. Beware of links from platforms that got big during quarantine.
Discord hackers are nothing but cyberbullies and cyberterrorists. Here are 5 of the biggest cyber attacks of 2021. But when the Discord architecture is used for activities that are limited to targets not necessarily within the Discord user community, they can go unreported and persist for months. In addition to profiling the system, many of the samples attempted to retrieve browser tokens that would permit their operators to log in to Discord using the victim's account, or installed keystroke-logger components that monitored for user input and attempted to pass it along to a command-and-control server. Imagine a place where you can belong to a school club, a gaming group, or a worldwide art community. I advise no one to accept any friend requests from people you don't know; stay safe. To successfully detect and defend against security threats, we need to come together as a community and share our expertise, research, intelligence, and insights. SophosLabs would like to thank the Trust & Safety team at Discord for rapidly responding to our requests to take down malware. We also found applications that serve as nothing more than harmless, though disruptive, pranks. The Discord platform operates by generating an alphanumeric string for each user. In March, Acer refused to pay the $50 million ransom to REvil. But the primary responsibility to put more security in place is on the platforms themselves, according to Oliver Tavakoli, CTO of Vectra. While there were too many incidents to choose from, here is a list of . Follow him at @threatresearch on Twitter for up-to-the-minute news about all things malicious. WASHINGTON: A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident. Discord needs to clean up its act before more people get hurt! Just two recent examples of Microsoft's efforts to combat nation-state attacks include a September 2021 discovery and investigation of NOBELIUM malware referred to as FoggyWeb, and our May 2021 profiling of NOBELIUM's early-stage toolset comprising EnvyScout, BoomBox, NativeZone, and VaporRage. An unknown hacking group is actively spreading a virus designed for Discord called the NitroHack malware. Other collaboration platforms like Slack have similar features, Talos reported. And this excludes the malware not hosted within Discord that leverages Discord's application interfaces in various ways. "Adversaries are most likely going to be affected by things like shutting down a server, shutting down a domain, blacklisting files," says Biasini. Aside from pushing Slack and Discord to more effectively scan the files they host as external links for signs of malware, Cisco's Biasini argues that organizations should consider simply blocking Discord links, given that it's not often used as an authorized collaboration tool inside enterprise networks. Files may be uploaded to a given collaboration tool, enabling users to create external links for the file. It's up to you to accept requests. For example, Conrado's FiveM Crasher, a game cheat for Grand Theft Auto multiplayer servers hosted on community-run servers, pulls data from FiveM's integration with Discord to crash players nearby in gameplay. One of the Linux-based malicious archives we retrieved was this file, named virus_de_prost_ce_esti.rar, which translates from the original Romanian to "what a stupid virus you are". Several generated popups within the device that demanded that the user activate them as a device admin, which gives the apps near-total control over the device.
Disguised as a mod with special features called Saint, the Minecraft installer bundled a Java application that was capable of capturing keystrokes and screenshots from the target's system, as well as images from the camera on the infected computer. Green Goblin also has two identities, of Harold Osborn and Green Goblin. Attacks will continue to span the entire attack surface, leaving IT teams scrambling to cover every possible avenue of attack. This event is totally fake. Updated on: October 21, 2019 / 12:02 PM / CBS News. China Is Relentlessly Hacking Its Neighbors. The API involved in the Discord platform has emerged as an effective tool with which hackers can siphon data from a network. The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level of cybercriminal expertise in attacking them. The team used this screenshot to illustrate this type of attack on Discord, showing a first-stage malware tasked with fetching an ASCII blob from a Discord CDN. And a file labeled Roblox_hack.exe actually carried a variant of WinLock ransomware, one of several ransomware variants we found in Discord's CDN. It will also require security vendors to step up and use the telemetry to detect and block attacks within these communication channels. Russia-linked cyber attack could cost £1m to fix (Gloucestershire, 4 Oct 2022). Planning site largely restored after cyber attack (Gloucestershire, 30 Sep 2022). Cyber attack continues to hit. At the time of writing, Discord does not implement client verification to prevent impersonation by way of a stolen access token, according to Talos. NO ONE CAN GRAB YOUR IP JUST BY ADDING YOU AS A FRIEND. Social media has turned into a playground for cyber-criminals.
Cisco's security division, Talos, published new research on Wednesday highlighting how, over the course of the Covid-19 pandemic, collaboration tools like Slack and, much more commonly, Discord have become handy mechanisms for cybercriminals. Like any developer-friendly platform, these features are ripe for abuse. This technique was frequently used across malware distribution campaigns associated with RATs, stealers and other types of malware typically used to retrieve sensitive information from infected systems, the Talos team explained. Spread this post to any of your friends who came across something like this; report people who do the things mentioned in num 6. The other two attacks, attributed to the Desorden Group, were carried. These include .ACE, .GZ, .TAR and .ZIP, along with less commonly seen kinds, such as .LZH. (We've previously written about Agent Tesla's capabilities.) The Android malware files were given names and icons that could lead someone to believe they are legitimate banking or game-updater apps. Discord is not the only service being abused by malware distributors and scammers by any means, and the company is responsive to take-down requests. A file called fortniat.exe, advertised as a multitool for Fortnite, was actually a malware packer that drops a Meterpreter backdoor. Every company and organisation has data of value to cybercriminals who sell it on the Dark Net. Now It's Paused. Hackers can disguise their data exfiltration attempts through network masks. Location: Russia and Ukraine. Employee monitoring increased with Covid-19's remote work and stuck around for back-to-the-office. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting
In 2020, the coronavirus pandemic prompted the rapid expansion of the distributed workforce, and in 2021 we've seen the cyber criminals cashing in. This leads to lesser awareness of risks in sharing across collaboration platforms and other communications tools. According to user JustKebab here on Reddit, Pridefall was a hoax made by 4chan as a threat to lower the reputation of the LGBT+ community. Social engineering, a non-technical strategy that relies on human interaction and often involves deceiving people into breaching standard security practices, will only increase in the new year. One of the key challenges associated with malware delivery is making sure that the files, domains or systems don't get taken down or blocked, states a recent report. Among those remaining available just prior to publication were an app that performs fraudulent ad-clicking (classified as Andr/Hiddad-P); apps that drop other malware (Andr/Dropr-IC and Andr/Dropr-IO) on the device; backdoors that permit a remote attacker to access the victim's mobile device, including one that was transparently a Metasploit framework Meterpreter (Andr/Bckdr-RXM and Andr/Spy-AZW); and a copy of the Anubis banker Trojan (Andr/Banker-GTV) that intercepts and forwards the credentials for online financial transactions to criminals. With merely a few stolen access tokens, an attacker can employ a truly effective malware campaign infrastructure with very little effort. In addition, the ability to maintain anonymity throughout this process represents a significant draw for hackers. Updated Sep 28, 2022 at 2:44pm: Operation Pridefall is a 4chan campaign in which users are being encouraged to cyber-sabotage companies that support Pride Month in June 2020.
A Python-based proof-of-concept token logger can be found on GitHub and easily turned into an executable customized to communicate with the server of the malware operator's choice. ]casa) that contains Discord API code and scrapes data from the system related to Discord and other applications. Posted Mon 24 May 2021 at 4:46am, updated.