Friday, March 29, 2024

Discord group admins lose their accounts en masse in browser bookmark attacks


By adding a bookmark to their browser, the victim voluntarily gives the hacker access to their account.

Cybercriminals are hacking the admin accounts of Discord servers and stealing cryptocurrency from their accounts using malicious browser bookmarks. Several Discord crypto communities have been affected in the recent wave of attacks, including Aura Network, MetrixCoin, and Nahmii.

Hackers usually target Discord communities where members discuss cryptocurrencies, but this time the attackers are going after the admin accounts of those groups. According to Brian Krebs of KrebsOnSecurity, cybercriminals compromise the accounts by executing malicious JavaScript code. To get users to execute the code, it is disguised as a seemingly innocuous browser bookmark.



Attackers use a deceptive strategy by inserting JavaScript into browser bookmarks using the drag and drop feature on web pages.

Group admins have reported receiving interview requests from individuals posing as reporters from cryptocurrency news outlets. Once the victims agree to be interviewed, they are redirected to a fake Discord server that mimics a news release.

Administrators are then asked to verify their identity by dragging a link from the server to the browser’s bookmarks bar. Victims believe this action is part of the verification process and subsequently return to Discord.com and click on a new bookmark.

What the victims didn’t know, however, was that the bookmark was a well-written piece of JavaScript code. The snippet stealthily retrieves the victim’s Discord token and sends it to the attacker’s website.

The scammer then loads the token into their own browser session and proceeds to announce exclusive NFT news in the target Discord group. The announcements are designed to attract naive participants who are confident in the legitimacy of the messages.

The victims are then prompted to connect their crypto wallets to the web address provided by the attacker and grant unlimited permissions to use their tokens. Consequently, the hacker successfully withdraws funds from compromised accounts. To cover their tracks, the attacker promptly deletes messages and bans users who are trying to expose fraud.


Functionality of the token and the consequences of the attack

The stolen token remains functional for the attacker only until the original owner logs out or changes their credentials. This is how a cybercriminal can use a hacked account without arousing suspicion.

According to Krebs, an Ocean Protocol employee was the victim of this attack. On May 22, the Ocean Protocol Discord server admin clicked on a link sent in private messages from a community member. The administrator was then asked to verify their identity by dragging the link to the web browser’s bookmarks bar. Even though multi-factor authentication (MFA) was enabled, the employee’s account was hacked.

The attackers waited until midnight in the victim’s time zone to use the account and reduce the chance of detection. Subsequently, the hackers sent a message from the hacked account announcing a new Ocean giveaway. Eventually, the victim contacted the operator of the server hosting the channel and the settings were returned to normal.


Conclusion

Discord admin accounts in cryptocurrency-focused communities have become a prime target for scammers using malicious JavaScript bookmarks. Attackers take advantage of the trust of Discord administrators by tricking them into executing code disguised as browser bookmarks.

With this deceptive strategy, the scammers gain access to victims’ Discord tokens, allowing them to perform fraudulent activities, such as debiting hacked accounts. It is extremely important for Discord users, especially administrators, to be careful about such attacks.
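
One way to check a browser profile for bookmarks that run script instead of opening a site, as an added example that is not part of the original article. It assumes the Chromium-style `Bookmarks` JSON layout (`roots`, folders with `children`, entries with `type: "url"`); the hint list and the sample data are illustrative and constructed.

```python
import json
import re
from urllib.parse import unquote

# Schemes that execute or embed content instead of navigating to a site.
ACTIVE_SCHEMES = {"javascript", "data", "vbscript"}
# Substrings suggesting the script reads stored secrets or sends data out.
RISK_HINTS = ("token", "localstorage", "document.cookie", "fetch(",
              "xmlhttprequest", "sendbeacon")

def iter_bookmarks(node, folder=""):
    """Yield (folder, name, url) for every URL entry below a bookmark node."""
    if not isinstance(node, dict):
        return
    if node.get("type") == "url":
        yield folder, node.get("name", ""), node.get("url", "")
    for child in node.get("children", []):
        yield from iter_bookmarks(child, f"{folder}/{node.get('name', '')}")

def audit_bookmarks(bookmarks_json):
    """Return one finding per bookmark whose URL is script rather than a site."""
    findings = []
    for root in json.loads(bookmarks_json).get("roots", {}).values():
        for folder, name, url in iter_bookmarks(root):
            # Browsers ignore tabs and newlines inside a URL, so drop them first.
            cleaned = re.sub(r"[\t\r\n]", "", url).strip()
            scheme = cleaned.split(":", 1)[0].lower()
            if scheme not in ACTIVE_SCHEMES:
                continue
            body = unquote(cleaned).lower()
            hints = [h for h in RISK_HINTS if h in body]
            findings.append({"folder": folder, "name": name,
                             "scheme": scheme, "hints": hints})
    return findings

# Constructed sample in the Chromium "Bookmarks" layout; the script bodies are
# harmless placeholders, not code from any real incident.
SAMPLE = json.dumps({"roots": {"bookmark_bar": {
    "type": "folder", "name": "Bookmarks bar", "children": [
        {"type": "url", "name": "Discord", "url": "https://discord.com/app"},
        {"type": "url", "name": "Verify identity", "url":
         "javascript:/*placeholder: reads a token, calls fetch( */void%200"},
        {"type": "url", "name": "Print page", "url": "java\tscript:window.print()"},
    ]}}})

if __name__ == "__main__":
    for finding in audit_bookmarks(SAMPLE):
        print(finding)
```

A finding with an empty `hints` list is still a script bookmark and deserves a look; the hints only help rank which entries to review first.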



Source: www.securitylab.ru
