Tag: discord

16 Attack Reports | 0 Vulnerabilities

Attack reports

Arkanix Stealer: Newly discovered short term profit malware

A new information stealer named Arkanix has emerged, likely designed for short-term financial gains. Advertised on Discord, it has rapidly evolved from a Python-based to a C++ version. The malware steals data from various browsers, crypto wallets, VPN accounts, and system information. It employs so…
python
infostealer
discord
c++
vmprotect
crypto wallets
browser data
2025-12-01
arkanix stealer
chrome elevator
arkanix
Published: December 1, 2025
Downloadable IOCs: 3

New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2

Kaspersky researchers uncovered new malicious operations by the Tomiris threat actor targeting foreign ministries, intergovernmental organizations, and government entities. The attacks, which began in early 2025, show a shift in tactics with increased use of implants leveraging public services like…
apt
discord
telegram
havoc
government targets
adaptixc2
2025-11-28
jlorat
tomiris powershell telegram backdoor
multi-language malware
tomiris c# reverseshell
tomiris c/c++ reverseshell
tomiris python telegram reverseshell
reverse shells
tomiris python discord reverseshell
tomiris c# telegram reverseshell
tomiris rust downloader
tomiris python filegrabber
distopia backdoor
tomiris go reversesocks
tomiris go reverseshell
tomiris rust reverseshell
tomiris c++ reversesocks
Published: November 28, 2025
Downloadable IOCs: 66

Tracking an evolving Discord-based RAT family

ReversingLabs has identified four new remote access trojans (RATs) utilizing Discord for command and control. These RATs, operated by the STD Group, include Minecraft RAT, UwUdisRAT, STD RAT, and Propionanilide RAT. The malware, written in C++, uses a ROT23 cipher to encode Discord bot tokens for C…
discord
2025-10-31
std rat
propionanilide
uwudisrat
minecraft rat
propionanilide rat
Published: October 31, 2025
Downloadable IOCs: 0

New Python RAT Targets Gamers via Minecraft

A new multi-function Python RAT has been discovered targeting gamers through Minecraft. The malware, posing as a legitimate Minecraft client called 'Nursultan Client', uses the Telegram Bot API for command and control. It has capabilities including screenshot capture, webcam access, Discord token t…
surveillance
rat
python
minecraft
discord
telegram
gaming
2025-10-22
token theft
nursultan client
Published: October 22, 2025
Downloadable IOCs: 1

UNVEILING A PYTHON STEALER – INF0S3C STEALER

Inf0s3c Stealer is a sophisticated Python-based malware designed to collect system information and user data. It systematically gathers host identifiers, CPU information, network configuration, and captures screenshots. The malware enumerates running processes, generates directory views, and compil…
python
stealer
discord
data exfiltration
pyinstaller
system reconnaissance
upx packing
2025-09-03
windows api
blank grabber
inf0s3c stealer
umbral-stealer
Published: September 3, 2025
Downloadable IOCs: 1

Attacks Targeting Linux SSH Servers to Install SVF DDoS Bot

A recent attack on poorly managed Linux servers has been identified, involving the installation of SVF Botnet, a DDoS Bot malware developed in Python. The malware uses Discord as its C&C server and employs multiple proxy servers for DDoS attacks. The threat actor gains access through weak SSH crede…
linux
ddos
discord
ssh
brute force
dictionary attack
proxy servers
2025-08-20
svf bot
svf botnet
Published: August 20, 2025
Downloadable IOCs: 0

Silent Watcher: Dissecting Cmimai Stealer's VBS Payload

A VBS-based infostealer called Cmimai Stealer has emerged, targeting Windows systems since June 2025. It collects system information, browser metadata, and screenshots, exfiltrating data via Discord webhooks. The malware uses PowerShell scripts for browser data collection and screen capture, runnin…
powershell
windows
infostealer
exfiltration
discord
vbs
browser-data
2025-08-13
wmi
screenshot
cmimai stealer
Published: August 13, 2025
Downloadable IOCs: 0

Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed

A sophisticated mobile banking trojan, DoubleTrouble, has evolved in distribution methods and capabilities. Initially spread through phishing websites impersonating European banks, it now utilizes Discord channels for distribution. The malware employs advanced obfuscation techniques, abuses Android…
android
discord
keylogger
2025-08-01
mobile banking trojan
Published: August 1, 2025
Downloadable IOCs: 40

Discord Invite Hijacking: How Fake Links Are Delivering Infostealers

Cybercriminals are exploiting Discord's invite system and content delivery features to distribute malware and steal sensitive data. They use fake invite links, expired codes, and vanity URLs to redirect users to malicious servers. The attack chain involves a sophisticated combination of social engi…
phishing
social engineering
cryptocurrency
asyncrat
discord
multi-stage attack
wallet injection
chromekatz
skuld stealer
2025-06-20
invite hijacking
Published: June 20, 2025
Downloadable IOCs: 0

From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery

Check Point Research uncovered a malware campaign exploiting expired Discord invite links to redirect users to malicious servers. The attackers use a combination of techniques including ClickFix phishing, multi-stage loaders, and time-based evasions to deliver AsyncRAT and a customized Skuld Steale…
phishing
evasion
asyncrat
discord
crypto wallets
2025-06-13
chromekatz
skuld stealer
Published: June 13, 2025
Downloadable IOCs: 0

TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA

A Pakistan-based APT group, assessed with medium confidence as APT36, who created a fake IndiaPost website to target and infect both Windows and Android users.
python
android
windows
crimson rat
pakistan
india
defense
rust
discord
clickfix
apt36
2025-03-27
html code
india post
bootreceiver
mywire
Published: March 27, 2025
Downloadable IOCs: 5

Matrix Unleashes A New Widespread DDoS Campaign

A new widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix has been uncovered. The operation combines public scripts, brute-force attacks, and exploitation of weak credentials to create a botnet capable of global disruption. Matrix targets vulnerabili…
cryptocurrency
ddos
iot
botnet
mirai
discord
vulnerability exploitation
CVE-2018-10562
CVE-2018-10561
CVE-2017-17215
telegram
2024-11-27
CVE-2014-8361
brute-force
CVE-2017-18368
script kiddie
CVE-2018-9995
pybot
CVE-2024-27348
CVE-2017-17106
discordgo
CVE-2022-30525
CVE-2022-30075
Published: November 27, 2024
Linked vulnerabilities : CVE-2024-27348, CVE-2021-20090, CVE-2022-30525, CVE-2018-10562, CVE-2018-10561, CVE-2022-30075, CVE-2018-9995, CVE-2017-17106, CVE-2017-18368, CVE-2014-8361, CVE-2017-17215
Downloadable IOCs: 12

Crystal Rans0m: Hybrid ransomware with stealer capabilities

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …
stealer
rust
discord
2024-10-21
anti-vm
monero
hybrid ransomware
crystal rans0m
session
Published: October 21, 2024
Downloadable IOCs: 5

RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS

Check Point Research has identified multiple threat actors utilizing Rafel, an open-source remote administration tool (RAT). The discovery of an espionage group leveraging Rafel in their operations was of particular significance, as it indicates the tool’s efficacy across various threat actor profi…
ransomware
android
infostealer
discord
2024-06-20
google play
rafel rat
data wipe
smartphone
2fa bypass
Published: June 20, 2024
Downloadable IOCs: 6

DISGOMOJI Malware Used to Target Indian Government

Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
linux
espionage
india
discord
2024-06-18
golang
privilege escalation
disgomoji
CVE-2022-0847
Published: June 18, 2024
Linked vulnerabilities : CVE-2024-3400, CVE-2022-0847
Downloadable IOCs: 149

Iluria Stealer; a Variant of Another Discord Stealer

Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…
stealer
2024-05-24
discord
credentials
nikki stealer
iluria stealer
epsilon stealer
Published: May 24, 2024
Downloadable IOCs: 5
Click here to see more Attack Reports