FA+
Shop
PSA: Discord Malware
4 years ago
📓 Earthly, ethereal, angelical, infernal or otherwise out of this world beings... 📓 
I'm working on a fantasy JRPG. Please consider checking it out
There's been a spike in discord related hacks as of late. Here are details I copied from a post on itch.
Malware is being distributed via Discord with hackers attempting to use itch.io and other sites to trick you into downloading a program that steals your Discord account token, payment information, and more.
If you receive a DM from someone you don’t fully trust asking you to download or test their game, DO NOT DOWNLOAD
It is safe to view the page, but do not download any untrusted software
Games that run in your browser are sandboxed by your browser and pose no risk of infecting your computer
Report the page using the report link on the bottom of the page
Based on our understanding the exploit works as follows:
Unsuspecting user has the Discord app installed on their Windows computer
They receive a DM from someone they may or may not know (it may be someone that hasn’t spoken to you in a long time, or someone from a mutual server)
The hacker asks you to test a game they’re working on and provide an itch.io or other link to download the software
The software is a program that reads a file at a certain directory on your computer that contains your Discord API token
This token gives full access to your Discord account with no restriction on where or how it can be used
The scammer uses this token to:
Steal your account from you (change password, email)
Use stored payment information to spend thousands of dollars on Discord Nitro/Server boosts
They may message from your account to your friends list/servers with the same or similar message asking others to download the file
We have received reports that Discord support is not handling refunds for these fraudulent payments. This is most likely illegal, keep pressuring them or open disputes if necessary
So long story short, compromised discord accounts are spreading malware either via files or itch.io links. Operating any of the flies gives them access to your discord information and payment details. If you receive a file asking to test something, DO NOT OPEN.
Sadly two of my closest friends have fallen for it and I've seen it in action. Be vigilant. If someone is operating like this in a server you're in, either remove them immediately, delete their post or notify admins ASAP.
And to the hackers, go plough yourselves.
Malware is being distributed via Discord with hackers attempting to use itch.io and other sites to trick you into downloading a program that steals your Discord account token, payment information, and more.
If you receive a DM from someone you don’t fully trust asking you to download or test their game, DO NOT DOWNLOAD
It is safe to view the page, but do not download any untrusted software
Games that run in your browser are sandboxed by your browser and pose no risk of infecting your computer
Report the page using the report link on the bottom of the page
Based on our understanding the exploit works as follows:
Unsuspecting user has the Discord app installed on their Windows computer
They receive a DM from someone they may or may not know (it may be someone that hasn’t spoken to you in a long time, or someone from a mutual server)
The hacker asks you to test a game they’re working on and provide an itch.io or other link to download the software
The software is a program that reads a file at a certain directory on your computer that contains your Discord API token
This token gives full access to your Discord account with no restriction on where or how it can be used
The scammer uses this token to:
Steal your account from you (change password, email)
Use stored payment information to spend thousands of dollars on Discord Nitro/Server boosts
They may message from your account to your friends list/servers with the same or similar message asking others to download the file
We have received reports that Discord support is not handling refunds for these fraudulent payments. This is most likely illegal, keep pressuring them or open disputes if necessary
So long story short, compromised discord accounts are spreading malware either via files or itch.io links. Operating any of the flies gives them access to your discord information and payment details. If you receive a file asking to test something, DO NOT OPEN.
Sadly two of my closest friends have fallen for it and I've seen it in action. Be vigilant. If someone is operating like this in a server you're in, either remove them immediately, delete their post or notify admins ASAP.
And to the hackers, go plough yourselves.
📓 Keep your pants dry, your dreams wet, and remember, hugs not drugs.📓 I'm working on a fantasy JRPG. Please consider checking it out 
bizzer
~bizzer
Thanks for the heads up!
