{"id":1929,"date":"2022-02-18T08:42:56","date_gmt":"2022-02-18T15:42:56","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=1929"},"modified":"2022-02-18T08:42:59","modified_gmt":"2022-02-18T15:42:59","slug":"devious-malware-hosted-on-discord-pretends-to-be-windows-11-installer","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/02\/18\/devious-malware-hosted-on-discord-pretends-to-be-windows-11-installer\/","title":{"rendered":"Devious malware hosted on Discord pretends to be Windows 11 installer"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"576\" data-src=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lol-1024x576.jpeg\" alt=\"\" class=\"wp-image-1937 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lol-1024x576.jpeg 1024w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lol-300x169.jpeg 300w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lol-768x432.jpeg 768w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lol-1536x864.jpeg 1536w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lol-1568x882.jpeg 1568w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lol.jpeg 1600w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/576;\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-the-attack-is-carried-out\">How the attack is carried out<\/h2>\n\n\n\n<p 
class=\"wp-block-paragraph\">Attackers distribute RedLine Stealer, a piece of malware built to steal user information. They have developed a fake website that appears to be a carbon copy of Microsoft&#8217;s official Windows 11 installer page. However, the &#8220;Download Now&#8221; button beneath the &#8220;Get Windows 11&#8221; banner links to a rogue installer hosted on Discord&#8217;s content delivery network (CDN). The bundle, which consists of one executable and many DLL files, is only a few megabytes in size when downloaded. When the user extracts the contents of the compressed bundle, something unusual happens: the .EXE file alone accounts for the majority of the extracted bundle&#8217;s 735MB size. The malware can access data such as location, security software, usernames, and device configurations, as well as upload and download files and run commands. A similar incident occurred in 2021, when attackers used the same spoofing technique to set up a fake Discord webpage under a similar but misspelled domain name, deceiving users into downloading a harmful installer posing as Discord&#8217;s own. 
HP believes that the DNS servers, malware, and domain registrar were all used in the same way as in the Windows 11 attack.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1024\" height=\"683\" data-src=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/discord-1.jpeg\" alt=\"\" class=\"wp-image-1942 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/discord-1.jpeg 1024w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/discord-1-300x200.jpeg 300w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/discord-1-768x512.jpeg 768w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/discord-1-600x400.jpeg 600w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/683;\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-discord\">Why Discord?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Discord was chosen because of its popularity: its large gamer user base makes its users likely targets for malware. Hackers are increasingly focusing their efforts on Discord. The nefarious few who spread malware prefer to target users of popular online services, and with Discord&#8217;s 140 million active users and over 300 million registered users, the chat software is a tempting target. The most common aim of Discord malware is the theft of users&#8217; personal information, carried out through stealer malware and remote access Trojans (RATs). Harmful files can go unnoticed for months, posing a serious threat to other users. 
There are also password-hijacking malware families, adware, and fake Android apps designed to steal bank information or intercept transactions. Chatbot APIs are even being abused by malware that competes for control of channels, and by malware that harvests stolen data and stores it on private servers.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"640\" data-src=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lll-1024x640.jpeg\" alt=\"\" class=\"wp-image-1962 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lll-1024x640.jpeg 1024w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lll-300x188.jpeg 300w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lll-768x480.jpeg 768w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/lll.jpeg 1200w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/640;\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-protect-yourself\">How to protect yourself<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We all know that no one can be completely safe from these attacks. Discord is doing everything it can to protect users from malware, but no amount of effort will stop these attacks entirely. However, you can reduce the risk by not clicking on every link you see, not joining servers you&#8217;re unfamiliar with, and disabling the &#8220;Allow direct messages from server members&#8221; option, which blocks DMs (direct messages) from members of that server who aren&#8217;t on your friends list. 
Discord also provides a list of security tips to keep you safe from spam and hacking while using the service. Setting a strong password is one of the recommendations, since it makes an account less likely to be compromised. Users can also protect themselves by watching for phishing scams: bogus messages can often be detected by paying close attention to the sender&#8217;s email address.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"reference\">References:<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.pcgamer.com\/devious-malware-hosted-on-discord-pretends-to-be-windows-11-installer\/\">https:\/\/www.pcgamer.com\/devious-malware-hosted-on-discord-pretends-to-be-windows-11-installer\/<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/discord.com\/safety\/360043857751-Four-steps-to-a-super-safe-account\">https:\/\/discord.com\/safety\/360043857751-Four-steps-to-a-super-safe-account<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How the attack is carried out Attackers distribute RedLine Stealer, a piece of malware that sets out to steal user information. They have developed a fake website that appears to be a carbon copy of Microsoft&#8217;s official Windows 11 installer page. 
However, the &#8220;Download Now&#8221; button beneath the &#8220;Get Windows 11&#8221; banner links to a &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/02\/18\/devious-malware-hosted-on-discord-pretends-to-be-windows-11-installer\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Devious malware hosted on Discord pretends to be Windows 11 installer&#8221;<\/span><\/a><\/p>\n","protected":false},"author":410,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-1929","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Arjun Varma Kakarlapudi","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/arjun-varma-kakarlapudi\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/410"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=1929"}],"version-history":[{"count":3,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1929\/revisions"}],"predecessor-version":[{"id":2024,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1929\/revisions\/2024"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=1929"}],"wp:term":[{"taxonomy":"category","embeddable":
true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=1929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=1929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}