Earlier today many Discord servers announced that a phishing attack was being carried out through Discord DMs. Many users reported being messaged by members of Discord servers they already know and trust. The DM asks the user whether they would be willing to playtest a game. Shortly afterwards, a link to the malware, made to look like a .rar file, is sent to the user. Clicking the link then hijacks the user’s account.
Presumably this attack is similar to a previous piece of malware that was distributed through DMs several months ago. In essence, the program reads a file in your computer’s directory that contains your Discord API token. With that token, the attackers are able to access your email and change your password. They may also use any stored payment information to purchase Discord Nitro or server boosts. The newly hijacked account can then repeat the process of DMing others.
Reports say that a developer’s account was hijacked this way. It is not currently known how widespread this attack is as reports are still coming in.
We advise anyone using Discord to enable 2FA on their account, using a phone number they own. We also advise you to be wary of links sent to you, even if you know the person sending them.