Discord is an increasingly popular chat application with more than 350 million users, and cybercriminals are preying on its popularity. Now JFrog researchers have discovered multiple malicious npm packages attempting to hijack Discord tokens.

What’s going on?

The research team found 17 malicious packages in the npm repository that steal users’ Discord tokens. The payloads vary, ranging from remote access backdoors to infostealers. Furthermore, different packages use different infection techniques, such as trojan functionality, typosquatting, and dependency confusion. However, the packages were removed before they could accumulate a large number of downloads.

Why this matters

If executed well, this kind of attack has severe consequences. Hijacking a user’s Discord token gives the perpetrators full access to and control over the account. In addition, publicly available hack tools make this attack easy enough for even amateur hackers to conduct.
  • Hacked Discord accounts can be leveraged for social engineering purposes and to disseminate malware.
  • Attackers may be targeting Discord Nitro accounts to resell them in online marketplaces. 
  • Moreover, Discord servers can be used as anonymous C2 servers that can control a RAT or an entire botnet. They can also be used as anonymous exfiltration channels. 

Discord is a popular target

  • A new crypter, Babadeda, was spotted targeting the NFT, crypto, and DeFi communities by breaching Discord channels. The threat actors would approach crypto-themed Discord channels and send private messages to targets, asking them to download an app or a game.
  • Last month, 11 malicious Python packages were caught stealing Discord tokens and installing shells. These packages were found in the PyPI repository and were downloaded more than 41,000 times. 

The bottom line

There has been a surge in malware aiming to steal Discord tokens because of the immense number of users on Discord. Public repositories have become a convenient tool for malware propagation. Although malicious code does not stay in a single place for long, with automation cybercriminals can quickly ensnare a large number of victims. This is a serious threat, so proper mitigation steps must be put in place to avert such attacks.

Cyware Publisher