@PaahSecurity Your misinformed tweet is causing more damage than any good honestly. I had more people spread misinformation about this and start new rumors based on what you said.
How about make a new tweet about it and sharing a resource more about this attack vector? https://t.co/jR9VQOHFAF
This is 100% false information, this is a phishing attack vector. The server returns a loading image if the client requesting the URI is Discord. If it's not Discord then it returns a fake login page to phish you and steal your login credentials.
Security Alert dedicated to PXN today 👻
A new Discord DM Scam going around with a fake "image" that looks like it`s loading, but if you click it executes a script to steal your Discord TokenID which enables the hacker to steal your account (2FA does not protect against this)
@PaahSecurity I don't understand why people continue to pass along this shitty chain letter. Who would drop a 0-day for stealing your Discord token? They could do much more with that then bothering with you.
Shame you are a "Cyber Security Advisor" if believed that.
The latest infostealing malware I focused on is TokGrabber. Written in JavaScript, compiled down to v8 bytecode, using AES to make their payloads unreadable unless decrypted. Also using @github
to distribute and store its payload. https://t.co/N7QCjl2Xfs #Discord#Malware
@TrisiaBae@discord I understand how upsetting it can be and can take a toll on your mental health when you run such a large community. Hope you get your account back ASAP. ♥️
There seems to be a new @discord token grabber malware going around. Remember do not run things people send you. If you get sent one, please send it to me. #FixDiscord
@TrisiaBae@discord I am sorry that you got your account compromised by a malicious actor. Sadly @discord response time on these issues seem to take around 1 - 2 weeks. 2FA doesn't matter when it comes to stealing your token. Discord does ask for your 2FA for anything else but login.
@discord HOW ABOUT FIXING YOUR TOKEN SECURITY BEFORE THINKING ABOUT ADDING A WAY TO SEND PAYMENTS???? I really do hope your department dealing with being PCI Compliant gets paid well. I can see all the credit card fraud happening now.
@discord Only liking it if @discord puts in the same amount of work and effort as others and myself have to stop token grabbing malware that has plagued your platform.
@stanleytry@_Ravager@xCustomGraphix@itchio Don't place yourself on a pedestal, you aren't the only token grabber malware out there. When all of the token grabbing malware were down for a few days this was me.
@_Ravager@xCustomGraphix Even with @itchio it was falling through the cracks. Currently I haven't found any token grabbing malware on Itch for a couple of days now. I have a scanner that scans files and reports them on itch.
@drazx2@_Ravager@discord Based on the report, it seems like it was a bbystealer variant. Sorry it happened. @discord is gonna take a few weeks to get back to you.