this post was submitted on 12 Jun 2025
9 points (100.0% liked)

Cybersecurity

7676 readers
58 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
9
From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery (research.checkpoint.com)
submitted 2 weeks ago by Pro@programming.dev to c/cybersecurity@sh.itjust.works
0 comments fedilink hide all child comments
 
  • Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links. > - Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers.
  • The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets.
  • Payload delivery and data exfiltration occur exclusively via trusted cloud services such as GitHub, Bitbucket, Pastebin, and Discord, helping the operation blend into normal traffic and avoid raising alarms. The operation continues to evolve, and threat actors can now bypass Chrome’s App Bound Encryption (ABE) by using adapted tools like ChromeKatz to steal cookies from new Chromium browser versions.
no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here