![]() The packages’ payloads are varied, ranging from infostealers up to full remote access backdoors. Luckily, these packages were removed before they could rack up a large number of downloads (based on npm records) so we managed to avoid a scenario similar to our last PyPI disclosure, where the malicious packages were downloaded tens of thousands of times before they were detected and removed. We disclosed these 17 malicious packages to the npm code maintainers, and the packages were promptly removed from the npm repository - a good indication these packages are indeed causing issues. Put plainly: obtaining a victim’s Discord token gives the attacker full access to the victim’s Discord account. Many of them intentionally seek to attack a user’s Discord token, which is a set of letters and numbers that act as an authorization code to access Discord’s servers. Hot on the heels of that report, we are now sharing the findings of our most recent body of work - disclosing 17 malicious packages in the npm (Node.js package manager) repository that were picked up by our automated scanning tools. The advanced evasion techniques used in the PyPI malware packages signal a disturbing trend that attackers are becoming stealthier in their attacks on open source software. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach. Thanks for letting me talk what I want have a great day/night.The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. If you have permissions on a public Discord server, try to delete their messages and take action on people whose accounts have been comprimised.Don't click on random links (whatever platform you use, Do not click on random links unless it's a trusted and/or official website.).Sounds scary, isn't it? In order to prevent this, it's simple. If none of them work, you might have to start fresh and make a new account.Make sure that it does not run in the background.Make sure that there are no duplicates of the.Completely wiping off your Discord clients (including your browser if you've logged in there).Personally, I haven't ran an advanced token-grabber, but if this has happened to you, try: Fetch for "rare" accounts, for example, accounts that have the "Discord Partner" badge, or something along the lines may have a higher chance of being targeted.Automate messages and send it to all your friends.Fetch your credit card information (increases the chance of you getting Doxxed).Depenending on the complexity of the code it can: That means that if you have alt accounts that are logged in, those accounts will get token-grabbed too. Yes, tokens because many go to all the 5 Clients, that is, the Desktop (stable client, most probably the app you're using right now), Discord PTB, Discord Canary, Disord Development, and Discord Web. After the user gets token-grabbed, the hacker would have attached something called a "webhook" (something that is used to create beautiful embeds and automated messages) and it would have your token(s). What is a token you may ask? A token is a unique ID which is used to login to Discord instantly, instead of asking the e-mail and password of a user. ![]() When you run it, what happens is that it goes to where your Discord client is located (most probably in Appdata) and goes to the place where your token is stored. Let's say that you've "accidentally" clicked on a "bro I made a new game check it out" and you download it. ![]() What happens when you get token-grabbed on Discord?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |