A new cyberattack exploits vulnerabilities in Discordβs invitation system to distribute malware like AsyncRAT and Skuld Stealer, primarily targeting crypto users. The campaign uses hijacked expired or deleted invite links and sophisticated multi-stage infection techniques to evade detection. #DiscordVulnerability #CryptoWalletStealer
Keypoints
- The attack leverages hijacked Discord invite links to redirect users to malicious servers.
- The campaign employs multi-stage loaders and social engineering tactics like ClickFix to infect target systems.
- Payloads include AsyncRAT for remote control and Skuld Stealer for extracting crypto wallet data.
- Threat actors use trusted cloud services such as GitHub, Bitbucket, and Pastebin to hide malicious activity.
- Victims are mainly located in the US, Vietnam, France, Germany, and other European countries.
Read More: https://thehackernews.com/2025/06/discord-invite-link-hijacking-delivers.html