216.73.216.86

From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery

· Published 13/06/2025 14:47 · Modified 13/06/2025 20:49

Export JSON

Essential information

Published
13/06/2025 14:47
Modified
13/06/2025 20:49
Tags
2025-06-13 asyncrat chromekatz crypto wallets discord evasion phishing skuld stealer
Related entities
15 techniques (mitre), 7 others

Description

Check Point Research uncovered a malware campaign exploiting expired invite links to redirect users to malicious servers. The attackers use a combination of techniques including ClickFix , multi-stage loaders, and time-based evasions to deliver and a customized targeting . The campaign leverages trusted cloud services for payload delivery and data exfiltration to avoid detection. The operation continues to evolve, with threat actors now able to bypass Chrome's App Bound Encryption using adapted tools like to steal cookies from new Chromium browser versions. The campaign highlights how subtle features in 's invite system can be exploited as attack vectors.

External references