Discord web browser link

11/20/2023

Should any process match with those present in the blocklist, Skuld proceeds to terminate the matched process as opposed to terminating itself.

Besides gathering system metadata, the malware possesses capabilities to harvest cookies and credentials stored in web browsers as well as files present in the Windows user profile folders, including Desktop, Documents, Downloads, Pictures, Music, Videos, and OneDrive.

Artifacts analyzed by Trellix show that it's engineered to corrupt legitimate files associated with Better Discord and Discord Token Protector and inject JavaScript code into the Discord app to siphon backup codes, mirroring a technique similar to that of another Rust-based infostealer recently documented by Trend Micro.

If you don't have the app installed, you can still join a server through a web browser on most devices. We recommend joining a Discord server by using the Discord app for Windows, Mac, iPhone, iPad, Android, or Linux, although it's not required.

It further extracts the list of running processes and compares it against a predefined blocklist.

Option 1: Join a Discord Server in a Web Browser.

The malware, upon execution, checks if it's running in a virtual environment in an attempt to thwart analysis. Also spotted by Trellix is a Telegram group named deathinews, indicating that these online avenues could be used to promote the offering in the future as a service for other threat actors.