Maresy

Discord malware skids are taking advantage of cookie and token vulnerabilities using infostealer malware that grabs browser cookies, passwords, auto-fills, and more from infected PCs. Cayte/CT has recently reported that the controversial game Roblox continues to host and facilitate criminal activity, with Discord serving as the main middleman for messaging and coordinating scams. Users are being targeted through hoax .exe files and forwarded messages that spread InfoStealer malware, which grabs browser cookies, passwords, auto-fills, and more from infected PCs. A prime example involves the Discord user “EddyKane,” who first contacts victims on Roblox claiming to have insider info and big investment opportunities, then sends malicious files or links (sometimes hidden in embeds). These logs show attackers stealing session cookies, like the 7 shown here, plus hundreds of auto-fills, allowing them to hijack Discord, wallets, and other accounts instantly. Avoid random exes, cracked software, and shady downloads. Stay safe by enabling 2FA and using a good password manager.

That’s true, and social engineering is indeed the most popular technique; social engineering plays a role in almost every single attack. Nonetheless, it is not the sole means attackers employ. An attacker may hack a genuine website, or malvertize, and then force the user to automatically download files when he/she visits that website; such techniques are known as drive-by downloads. It could very well happen that visiting the web page is achieved due to social engineering, while the downloading process does not involve any social engineering at all.

Social engineering is not the only way to get someone to download a malicious file. Attackers can also redirect users to a specially crafted URL that automatically triggers an immediate file download. Once the download starts, it can usually be canceled through the browser’s downloads manager, though rapid action is required to limit the amount of data transferred.