Discord, the widely used platform for chat, video and voice conferences, is currently a popular target for cybercriminals. A recent investigation by the malware analysis team at G DATA CyberDefense shows that many new malicious programs are in circulation that steal so-called access tokens from Discord users. These tokens work like a key: whoever can present the right token gets access to the account. A sample from the last four months alone showed almost 70 different families of Discord stealers. The attacks primarily target the Discord clients for Microsoft Windows.

“That is a worryingly high number,” says Karsten Hahn, malware analyst at G DATA CyberDefense. “More and more established malware suites such as Redline are currently retrofitting such Discord Stealers. It is shockingly easy for people with criminal intent to obtain actually usable source code for malware.”

The current stealers are spread via email, but also through compromised downloads and cracked games. The malware manipulates the files of the Discord client. After discovering the malware, users must therefore reinstall the client and change their password immediately to lock out the perpetrators. Once this is done, the old token automatically loses its validity and is worthless to criminals.

Discord as a worthwhile target

Well-known streamers and other online celebrities and influencers often use Discord as a communication platform. There they keep in touch with their communities, promote their content, sell products, coordinate events and offer participants a chat platform for exchange. Anyone who takes over someone else's account on the platform has access to everything the user has communicated via it. If someone manages to take over the account of a better-known Twitch streamer or YouTuber, this has an immediate impact.

Protective and emergency measures

Detection of and defense against new Discord stealers is currently being added to G DATA security solutions. To effectively protect your own account against theft and misuse, four steps are required:

  • Install a current protection solution and keep it up to date.
  • In case of infection: reinstall the client and change the password.
  • Enable two-factor authentication if not already done.
  • Be skeptical of spontaneous direct messages in which the supposed sender asks for money.

There is a detailed blog post with Indicators of Compromise in the G DATA Security Blog.
