Discord Infostealers: How hackers steal your password

  • Published: 1 Oct 2024
  • Discord infostealers can hack your accounts by stealing your passwords and tokens if you fall for a malicious link in Discord. Beware of messages about free games etc. Check out Intezer Analyze (sponsor): analyze.inteze...
    Buy the best antivirus: thepcsecurityc...
    Join the discussion on Discord: discord.tpsc.tech/
    Get your business endpoints tested by us: tpsc.tech/
    Contact us for business: thepcsecurityc...

Comments • 390

  • @CoolJosh3k 2 years ago +390

    A video all about how attackers can get around 2FA, and what can be done to lower the risk, would be really good.

    • @dripful. 2 years ago +5

      the truth about 2fa is that it mostly gets you (legit user) problems with login (example your phone is discharged and you are trying to login to discord) when a hecker can bypass it easily with a token (doesn't matter if it's encrypted or not.)

    • @CoolJosh3k 2 years ago +8

      @dripful. It has flaws, but still a big improvement in security. There are worse ways to lose access than just not having your phone charged.

    • @farawaygaming_ 2 years ago +2

      @dripful. this is a problem I have, my phone is no longer connected to service, so I cannot get the 2fa text message

    • @dripful. 2 years ago

      @CoolJosh3k ur phone is broken for example and what you gonna do?

    • @____-fv4bm 2 years ago +1

      @dripful. Bitwarden premium. 2fa anywhere.

  • @abitterberry2149 2 years ago +80

    I've seen an interview about Minerva, it's supposedly an "antivirus" that uses those virtualization detection and other stuff against the attacker. I think it's amazing to approach cybersecurity from this angle! I don't know if it's only an enterprise product but I wonder if you'd be willing to make a video, it would be so interesting!

  • @mnageh-bo1mm 2 years ago +56

    Hey! Clicking the link only doesn't do anything
    You have to download the file and then open it by yourself
    it's not magic like you're saying!

    • @wannabedal-adx458 2 years ago +12

      But I would start with the first line of cyber defense: "Don't click on suspicious links or links from people you don't know!"

    • @mnageh-bo1mm 2 years ago +5

      @bhavya prashanth lol no way you get hacked by a link that's considered 1 click vuln which is very expensive .... do your research fam

    • @mnageh-bo1mm 2 years ago +6

      @wannabedal-adx458 yeah sure
      clicking links wouldn't be a problem tho if people weren't so keen on entering their passwords into them the second they load

    • @declan_youtube 2 years ago +5

      @mnageh-bo1mm They can attack by using embeds to download malware, but it is very rare and kinda impractical

    • @mnageh-bo1mm 2 years ago +2

      @declan_youtube what do you mean? Drive by download?

  • @ExtrymGamingLTU 2 years ago +91

    I'm still confused how they get into your system. Do you only need to click on their "Free Discord Nitro" link and that's it, your discord account is compromised, or do you need to put in your login credentials in those websites or download something?
    Asking cause everyone says that all you need is a click on the link and I want to know if that's actually true or does it take a bit more interaction

    • @Appoxo 2 years ago +51

      To me the title says that you only have to click the link, while the video talks like you need to download the file and execute it.

    • @DOSeater 2 years ago +19

      You need to download and execute a file

    • @hd9g 2 years ago +25

      I watched the entire video and still confused how the malware was activated.

    • @kritikusi-666 2 years ago +24

      Yeah it is misleading. You definitely need to execute the program. I download many things to try and infect my virtual machine for testing and research. I have yet to come across something that is new and sophisticated behavior like that haha. I can see it happening via pdf files or something micro related, but this was a bit puzzling. =)

    • @Iuffycs 2 years ago +8

      You either have to download an executable file, or enter your credentials into a "login page".

  • @Neraam_S 2 years ago +79

    how to avoid this: simply don't click on the links

    • @Raecrisos 2 years ago +6

      Does clicking just the link instead of executing the files affect your machine? I'm new to IT security stuff just curious.

    • @xMicrostar 2 years ago

      @Raecrisos you can be injected with malware (through javascript) and you won't even notice.

    • @yottawatts9470 2 years ago +5

      It can yes. People can use security exploits in the browser to get access to your hard drive.

    • @grieveinsilence 2 years ago +4

      @Raecrisos I think it's easy for them to make links where the browser downloads and executes it without your intervention (clicking), so... both?

    • @DogeMaster 2 years ago +7

      @Raecrisos generally no, however as the other replies say, it's entirely possible for browser exploits to be used to do stuff without user intervention. make sure your browser/system are up to date to help with stuff like this, but of course not clicking shady links will give maximum protection

  • @finsflexin 2 years ago +15

    Don’t worry I won’t be hacked. I message Discord Bots my passwords to keep track of them, I trust them.

    • @Unidentified_Entity6 2 years ago

      your token can easily be stolen and they can easily see the messages

    • @finsflexin 2 years ago +4

      @Unidentified_Entity6 😭

  • @Qwepyt 2 years ago +14

    They don't steal it! *You give it to them!*

  • @GummieI 2 years ago +86

    O_o Must admit I assumed passwords stored in the browser would be encrypted

    • @DOSeater 2 years ago +20

      They are, but the encryption key is easily accessible

    • @ricogoins 2 years ago +10

      @DOSeater That's so dumb they should store it server sided

    • @alessioantinoro5713 2 years ago +26

      @ricogoins That's worse

    • @CrackThrough 2 years ago +3

      @alessioantinoro5713 yeah, practically & the cost is too high because you'd have to transfer the whole file for each account
      + we can't really use something that works like RSA (because you'd still have to toss the private key to clients if you use your account on multiple devices)

    • @CrackThrough 2 years ago +1

      also csv conversion being very accessible

  • @BreadMan434 2 years ago +12

    This is why I don't have any cookies saved by default, with Firefox set to strict by default for cookie protection just in case.

  • @iburry 2 years ago +15

    I know that Firefox keeps logins in a simple text file, but they are, supposedly, encrypted. Are they really just that easy to read?

    • @LXST-IN-TRVNSLVTIXN 2 years ago +2

      you have to set a master password, if you don't it's easy to read

    • @Mr.Unacceptable 2 years ago +1

      Yes. You can also read them through commands from the windows install disk of a passworded windows install. As well as change the password of that install. Just using the CMD and admin privileges on the install disk. You can find step by step instructions how to change the password of a pc using the disk. Everyone should do it to their own systems as a learning tool. Anything you can do with admin privileges on a passworded and encrypted system with the password key you can do with the windows install disk using the CMD command window and a USB CD-rom or windows install on a USB stick. The only stop I found for this is to password your BIOS after you set it to only start up from your hard drive.

  • @ye_nope 2 years ago +6

    how does the malware get executed if you just download a zip file though

  • @double421 2 years ago +5

    Can you recommend a proper Password Manager? (For Windows)

  • @thrices4372 2 years ago +16

    I wish Intezer were able to have affordable prices for small businesses that are starting on the security area.

  • @arnav_mehta 2 years ago +15

    keep up the good content ☺️

  • @crowruin2 2 years ago +12

    Yeah this one has been making the rounds a lot lately
    To anyone who reads this if you haven't done it already I would turn off DMs from server members
    This makes it so the person has to add you to message you
    Right Click a server > Privacy Settings > Untick Allow DMs from server members
    If you want to have it set to not allow DMs by default on joining a server
    User Settings > Privacy and Safety > Server Privacy Defaults
    Untick Allow DMs from server members
    Of course though watch out for friends whose accounts are compromised

    • @Appoxo 2 years ago

      Can you whitelist users that want to msg me? I am a member in some discord tech servers that helped me troubleshoot big projects via dms (would have exploded the chat)

    • @crowruin2 2 years ago

      @Appoxo unfortunately no you would have to add those users so they could message you
      You can pick and choose what server that setting applies to of course so I would do that

  • @PandaMilitary 2 years ago +7

    Hi sir can you pls test windows defender vs malware in 2022 because I love Microsoft's antivirus and I want to see if it's good.

  • @ardeof 2 years ago +11

    There's also a token stealer called "2d_pong.exe". Once launched, they're within your account in seconds and already have the password changed and whatnot.

    • @ep1k_4 2 years ago +1

      umbrella jump: hold my scam

  • @venekus7983 2 years ago +3

    Can Kaspersky and other anti-viruses detect this malware or no?

    • @xohnji 2 years ago

      It can detect

  • @marcuspvxea 2 years ago +15

    TL;DR:
    Don't run something you don't know about.

  • @antysiq 2 years ago +11

    that's what i needed right now, thanks! 🤝🏼

  • @gregritferdjr 2 years ago +1

    This just happened only 3 hours ago and I thought I was unhackable. You’re not. Nobody is.

  • @SikedGuy 2 years ago +2

    Can Malwarebytes detect stuff like this?

  • @TheBauwssss 2 years ago +11

    Yeah, this is all very nice, but to be honest I was really hoping you were going to answer the elephant sized question that is currently burning in everyone's mind? With that question being:
    How and since when, in the name of all that is holy, does the simple act of clicking on a link in a discord chat result in your system becoming the victim of a drive-by download attack? How is it possible for a simple, *single* click on a link to result in malware being autonomously downloaded, executed and installed onto your system? (And somehow the malware installer even managed to gain administrator privileges *without* triggering any UAC prompt whatsoever!?!? (At the very least I am pretty sure the malware somehow gained administrator privileges, because it stands to reason, and I very much hope so that it is indeed the case, that the folder C:/WINDOWS is completely read-only for anything and everything, _except_ for an elevated processes, right?

    • @raylopez99 2 years ago

      I don't know, but it seems Discord is not the place to be if such nasty stuff happens. Discord is like Skype? But with executable files from games and stuff?...not good seems to me.

    • @TheBauwssss 2 years ago +1

      @raylopez99 yeah, you're quite right indeed, this is quite the mess! is Skype somehow vulnerable too? If indeed the case then that would suck so bad because I was still using that daily! :(

    • @raylopez99 2 years ago

      @TheBauwssss Maybe. I recall getting a lot of unknown pings and traffic from all over the world...I thought I was being hacked, until it turns out the culprit was Skype...that's the way it works, you can get anybody from anywhere in the world pinging you, and maybe sending you files (or requests to be your friend, and so forth). So what I do now is only restrict incoming calls from people on my Skype "contacts list" and further I only use Skype when I want to make a call, so I don't start it automatically at startup. Problem solved.

    • @declan_youtube 2 years ago

      There are a few ways. Depending on the browser, when you visit a website it can automatically install malware without telling you it's installing anything. Bypassing the UAC is possible with vulnerabilities with apps you install, and if it asks you to give admin privileges to it some people would allow access. Another way of bypassing UAC is admin permissions aren't required to send keystrokes, so in the UAC if it doesn't ask for a password and it's just yes or no they can press the arrow keys to Yes. As far as I'm aware, C:/WINDOWS is read only even for Administrators, and you require SYSTEM level permission to edit it (not saying Malware can't get that, but it's more than just Admin)

    • @wrockd 2 years ago

      @declan_youtube Yea you can "Download" malware but not "Install" it automatically. Both are different terms.
      And while bypassing UAC isn't that hard in itself, but the methods that you stated are useless. Emulating Keystrokes doesn't work for UAC on Win 10. The UAC Prompt is displayed on a Winlogon Desktop, which is a SYSTEM Privileged Desktop(Kindof a User Account) separate from your common Local one and could only be accessed by users with Local System privileges. Pretty much the reason why you can't screenshot UAC Prompt nor access it with RDP Software. And if a software is already running with Local System Privileges it doesn't need to elevate anyway. And there are two basic/fundamental ways to Bypass UAC/Privilege Escalation one is Using an existing escalated process that is suspended and then injecting the malicious payload into that process and waking it, second is the good ol' DLL hijacking, manually changing registry values also worked before but it's been patched for good.
      But anyway, any of this doesn't matter unless you don't manually run the downloaded executable yourself, browser doesn't execute any downloaded binary itself.

  • @heyclip 2 years ago +8

    I've been receiving a ton of messages like this, I've had some fun decompiling the whole thing, most times it's either a node application or a modified betterdiscord installer, I've also noticed that it seems to be sending the token to a telegram bot, great video as always!

  • @citizenkimi 2 years ago +7

    I've seen Intezer has added a URL analyzing tool too, but it was moved into the Enterprise plan after some days and I basically couldn't manage to use it more than a few times. What gives?

    • @CelesteOnYoutube 2 years ago

      Well they are not a charity...

    • @citizenkimi 2 years ago

      @CelesteOnYoutube If they told the users what they were going to do it'd be useful

  • @Alex13312 1 year ago +1

    In discord I go to settings and go to devices and see that the operating system is linux even though I use windows 10 but when I reset the password in a few hours the same linux user and the same location is back.

  • @Re0Search 2 years ago +5

    Yo tpsc, I want to be like you someday. How do I start and what do I need to learn in college and etc? I'm in Highschool about to be in college right now and I like to learn cybersecurity.

    • @Re0Search 2 years ago

      @r3tr0n17 I don't even know what you just said, sorry if I'm asking too many questions but what are those?

    • @TheArthas17 2 years ago

      Also learn just basic coding on your free time, like Javascript, etc

  • @ULTRACOMFY_eu 2 years ago +3

    I accidentally got infected by this when I tried analyzing it with pestudio on my main PC - single click got registered as double click and boom, file was running. The only thing that saved me was my virtual firewall (TinyWall) that didn't let it exfiltrate any data. Then ran every virus scanner under the sun on my PC and installed a VM so this doesn't happen again.

    • @DvirMuja 2 years ago

      You single clicked it, basically highlighting the file and it still launched? How?

    • @ULTRACOMFY_eu 2 years ago +1

      @DvirMuja Well I don't know. I assume it was human factor, but it really didn't feel like a double click. Happens.

  • @swiftsilver 2 years ago +4

    redline stealer is so common. Many people on russian forums have their own paste of redline stealer from its source. It's just good!

  • @Yomush 2 years ago +9

    And that's why, ladies and gentlemen, you should turn off DMs from server members. So you don't get attacked by bots with shady links and get your info stolen

    • @BrambleTakato 2 years ago +4

      I personally think the main takeaway is the number one rule of the internet;
      Do NOT click said shady links… At all.

    • @portman8909 2 years ago

      Measure twice and cut once.

  • @thearousedeunuch 2 years ago +9

    Aren't password managers a safety risk in and of themselves?

    • @DuhNoU 2 years ago +5

      depends on the quality of it

    • @lukeyxo 2 years ago +5

      pretty sure stuff like icloud has it encrypted on their side too so if icloud gets hacked the hackers will just get a bunch of really encrypted files and stuff, could be wrong as i read about this once long ago when i was bored

    • @_BangDroid_ 2 years ago

      @DuhNoU How do you quantify the quality of various PW managers?

  • @User-iw4oo 2 years ago +9

    ways to avoid this:
    1) don't click the link
    2) Use a vm (virtual machine) without any saved data and paste the download link there. (Make sure file sharing is disabled between Host (Your pc) and guest (The vm).) If something happens on your vm, even more noticeable since there's only the default processes, it's a virus.
    3) disable messages from non-friends

    • @ok-hk2rc 2 years ago

      If I copy the link, so I can scan it with a link scanner will I get in danger or I only will get in danger if I click the link?

    • @User-iw4oo 2 years ago

      @ok-hk2rc the danger is not always clicking the link. Most of the time it is downloading the file with the link. Still, don't click on links from random people

    • @ok-hk2rc 2 years ago +1

      @User-iw4oo oh alright

    • @User-iw4oo 2 years ago

      @Sonic Hedgehog while this is true it cannot be applied in all situations

    • @swilleh_ 2 years ago

      your friends can be hacked too and then the hacker will send the "put something in here" to hack you

  • @focat 2 years ago +5

    ah yes, a replit website, that's how you know the developer didn't put enough effort to buy a domain

    • @vouchmeclips8537 2 years ago +2

      You don't need to buy a domain though? You can host the web page off your PC. Replit is a far easier and more navigable option. And even if you buy the domain, you still need a web server or client-server to host it.

  • @kvetinky 2 years ago +1

    How to clean off discord’s browser cookies, so i can get rid of this.

  • @codedaily365 2 years ago +2

    Some use BEEF malware within the browser to hack.

  • @ep1k_4 2 years ago +2

    did anyone ever hear of $9394, MixerSquad or Umbrella Jump? in my case of being hacked it was late at midnight and someone wanted me to try out his game (and wasn't calm at all i fell for it just because of the time pressure)

  • @marekmaxpabianice 2 years ago +2

    What about Firefox and protected with a master password?

  • @rpe 2 years ago +5

    Great tutorial! It really helped me!

  • @SWC44 2 years ago +3

    IF ONLY IF THEY GOT " REAL JOBS " !!!!!!!!

  • @yoruichishihoin8335 2 years ago +4

    How do you get this virus again, simply visiting the site or downloading the self-proclaimed "free" game and running it?

    • @Mario583a 2 years ago

      People can embed malicious files on Discord and try to trick you into executing it.
      Meanwhile Discord's Trust and Safety literally has no visible way to report the hosted CDN files.
      Well, they do have a [Report Spam] function if you get it via DM, but still....

  • @roninstormYT 1 year ago +1

    if it is our password that saved how do we keep the passwords for each account we cannot just remember then use it for all accounts that's how they get in i have a new pass for all my accounts youtube twitch xbox playstation nintendo amazon other online services. where do we write them then on an offline pc that we never go online with?

  • @ProximoNovio 2 years ago +1

    So how do you scan large files with this website?

  • @Computer-Catt 2 years ago +3

    you fail to mention a lot of things
    they cant get your passwords if you dont save them in chromium browsers
    and if you have discord installed they can only get your session token
    you may reset your session token by or changing your password to the same one if you are lazy
    or enabling 2fa

    • @opfromthestart3645 2 years ago

      He mentioned that firefox is also vulnerable, and it is not chromium based.

    • @Computer-Catt 2 years ago

      @opfromthestart3645 firefox is chromium based

    • @opfromthestart3645 2 years ago

      @Computer-Catt it isn't though, mozilla has their own engine

    • @Computer-Catt 2 years ago

      @opfromthestart3645 googled it seems that you are correct
      my source came from experience when i launched a chromium password stealer on my pc to see what would show up
      amongst those was firefox
      thats why i thought
      farewell

  • @nickmullen9510 6 months ago +1

    I dont understand what is the point of showing some random info stealing malware what is actually important is being aware of the attack vector, when it comes to the malware itself, there are infinite variants that do the same or slightly different things, the wow now it can steal more is not really that informative

  • @RedSaltedEGG 2 years ago +23

    Let's say you do get affected by this, how would a regular user detect and remove it? Would antiviruses detect this on scan (assuming they're not obfuscated, etc)?

    • @unstyled3509 2 years ago +1

      antiviruses can find it, sometimes if it's on an autolaunch you can uninstall it or end it with task manager (i think anyway)

    • @SamiV2 2 years ago +2

      @unstyled3509 you can turn off the auto launch from settings

    • @unstyled3509 2 years ago

      @SamiV2 oh yeah, or that, to be honest I completely forgot about autolaunch settings and stuff lol

    • @vouchmeclips8537 2 years ago +1

      Antiviruses usually have a system where they get a list of all new malware and viruses and then build a defence against it and make it easier to detect. It's both automated and a manual process but that's why antivirus software are so expensive.

  • @cris2k344 2 years ago +1

    which password manager would you recommend, both free and paid

  • @jukebox581 2 years ago +2

    aside from login in on browser apps, just ignore peeps sending links that you don't know and even if they're real people and genuine, just don't.

    • @kirstan 2 years ago

      The Internet is a scary place

  • @ghxst9207 2 years ago +1

    I clicked the free discord nitro link and it hacked my account.

  • @Baburun-Sama 1 year ago +1

    This is Known as "Phishing"

  • @the_silent_one_ 1 month ago +1

    Thanks for the tutorial :D

  • @xXLaciWarriorXx 2 years ago +1

    that f-cking intro man! I literally jumped up to that gunshot noise in the middle of the night.

  • @Doge36064 2 years ago +2

    OMG that happened to me sometime he said hi, i got a free game i made wanna try it i was smart enough to not click it!

  • @arnav_mehta 2 years ago +3

    Which Antivirus do you use personally?

    • @hircine92h 2 years ago

      He did a video a while ago on this. I think he uses Comodo with some combinations.

    • @shellohd8421 2 years ago

      @RUclips.Pigeon it's garbage

  • @jamesphillipshort 2 years ago +1

    I had a weird experience one time on Discord that ultimately got me booted from the Samsung Care Ambassador Program.

  • @onlyVetements 2 years ago +1

    i assume this doesn't affect safari, macos users?

  • @ixlys 2 years ago +1

    just use ur own voice..

  • @ankitminz5872 2 years ago +2

    That's frightening

  • @gusty2333 2 years ago

    How does one manufacture a virus? cause it sounds like copy and pasting code that you want in the virus

  • @alexthedarkskin 2 years ago +1

    attack the attacker!

  • @SDKLarrabee 2 years ago +1

    fuck this im saving my passwords on browser dont know what to do now :(

  • @theyreheretokillus 2 years ago +1

    so u want a new os

  • @sh_gosha6867 2 years ago +2

    Nice

  • @cllncl 2 years ago

    2:46
    Russia just HAS to fuck everything up, doesn't it

  • @notoneaura 2 years ago +1

    2FA makes you no 👎 hacking.

    • @netLG 2 years ago

      no not really if they get your token

  • @TheBoostedDoge 2 years ago +1

    This is why 2fa is important

    • @Josuegrs 2 years ago

      @anonymous anonymous He probably means other sites credentials that are stolen with this malware. Even if they have your username and password retrieved through a browser's saved passwords, they won't be able to access your accounts unless they have the TOTP. This is why we must use password managers in combination with a 2FA and strong master password to manage all our passwords.

  • @Weston_Guidero 5 months ago

    If i've been infected by this on my computer what should/can i do about it? Should I wipe my C:/ drive completely is that the only way of removing the virus? It could be a trojan or this, but it was basically this scenario in discord except they asked to type in a password to access an .exe in a .rar file then once i typed it in and it ran the .exe. he hacked my discord and could still add himself on my new discord, because i believe he had access to my session tokens or keylogger on my ip potentially? I'm not sure which. But question remains: Do I wipe my C drive and I'm good? I have multiple other drives, I disconnected it from the internet and removed, uninstalled and deleted all files that I know of with the file name of the exe/virus. However I know there could still possibly be other software or infected system files. I had that exact microsoft framework file as well giving me pop for that file specifically that i need user privileges or something to remove it (I will get back to you on the specific message).

  • @StirsMYCookiez 2 years ago +2

    Hey Leo, little reminder about the video description, "buy the best antivirus" links to an old url, should be "best-antivirus" after the domain, instead of "best"

    • @zombies1238 2 years ago

      Thanks, I will send this to Leo

  • @Drake-sl8jd 2 years ago +1

    Just got hacked and then video comes out... nice

  • @brillie_bean4178 1 year ago

    Hey I need help....I know some people who are talking to minors and getting them to send explicit images I need help getting contact with more victims and I thought one of their discord was a good idea ....I have no idea how now that I've been blocked-

  • @ItsLone_Plays 2 years ago

    My Discord account has gotten hacked, I need help getting it back. Is there a way you could help me?

  • @DahoodRex 2 years ago

    you could tell his mouth that he talking in like bengail or something thats why he use this audio

  • @Lewboskii 2 years ago

    any recommended antivirus?

  • @mini_toaster 10 months ago

    Is Kaspersky a good anti-virus and can it detect a virus like that?

  • @Wojtas01 2 years ago

    i got hacked on steam because of a discord hackwe hacked a polish guy and i lost my steam account

  • @MrNifts 2 years ago +2

    This is why you use MFA wherever possible

    • @zombies1238 2 years ago +3

      This specific strain of malware also has an async function that checks for tokens. If they find those, a simple CRXF attack can bypass MFA

    • @MrNifts 2 years ago

      @zombies1238 arh, ok. Thanks

    • @markx7139 2 years ago

      @zombies1238 do you mean crsf?

  • @Roki_100 2 years ago

    thats why people should stop using discord :)
    it has more bugs, issues than features
    2fa is just a visual thing as tokens bypass it, voice channels are only an forgotten and abandoned poorly made addition, yet people still use it on daily basis, what is wrong with people

  • @Shinedown2012 2 years ago

    Now I don't feel as bad about Russia future.

  • @WXcq-ph8fn 1 year ago

    Thanks now I can get the mfs who nuked my server

  • @tensterss 2 years ago

    please add some delay to the microphone because it doesnt match up with the video

  • @Quandle69 2 years ago

    If i Start an grabber in an virtualbox can he get any information from me?

  • @buzer2011 2 years ago

    So you have to actually open the downloaded zip file and run the .exe, or what? The video isn't clear on how the malware is activated.

  • @itamarsharlin 1 year ago

    If someone get my token he can get hack into my computer?

  • @Uushiine 2 years ago

    im doing this to have my friedns account

  • @sammay4493 2 years ago

    Definitely not trying to use this on my friend....

  • @HelloGlamorous 2 years ago

    lmaooo one of my buddies keeps having this happen to him because he tries to download mod menus for fortnite

  • @arronyk1250 2 years ago

    well ive been hit by one but it wasnt an ordinary grabber it was a website it stole all of my broswer passwords

  • @HolyLightofAngel 1 year ago

    I want to do this to someone without sending them a link, is it possible?

  • @MMT-24-7 2 years ago +1

    Great video! 👍🏻I was wondering if it is possible to bypass virtual machine detection. Personally I think it would make for a great video, but I'm saying that with the little knowledge I have concerning the topic. Anyhow, keep up making great videos and know that you just earned another sub!

  • @SabishiiVT 2 years ago

    i wish this video came out last year, i got hacked last year with the "wanna try a free game" i had 2FA On and they went through it, all of my two accounts were hacked so i can not get it back

  • @buttersxp 2 years ago

    its rat they can login ur acc with tokens

  • @killunova 2 years ago

    have you guys gotten the "I accidentally reported you click this link to talk to your employee" one LOL.

  • @nlb234 2 years ago

    1:56 POV you use mac :skull:

  • @vegaaltair8478 2 years ago +1

    All the reason why I use password manager and I never ever saved my pass on browser ever since. Might not be 100% bulletproof, but better than nothing

    • @vouchmeclips8537 2 years ago

      Google has better encryption than other web browsers. Huge variety of google is programmed from good and experienced programmers hence why it's a popular browser.

  • @Jackpkmn 1 year ago

    I like how you suggest not using browser password saving instead to use a paid service (haha get f'ed poors) to save it instead. Instead of say suggesting not downloading and running random unsolicited executables from the web.

  • @micmeister25ify 2 years ago +5

    Thank you every single knowledge you’ve shared to us!

  • @Amitseruta 2 years ago

    As someone who has coded a undetectable malware which i have add over 10k from max from 1 person being $600. Now i just got my victim to use 1 file and boom, mine. Im not giving it away, its mine. I made it. So no one is getting it

  • @supercow99 2 years ago

    yes i got the free game :D:D:D:D

  • @word20 2 years ago

    There is one app that has one analyse on virus total recognized as malicious,
    that is GamesAppIntergrationService in windows 10.
    Is this a false positive? All other vendors recognize it as safe.
    It connects to Microsoft and to verizon business in US

  • @DogeisCut 2 years ago

    I have over 300 passwords stored in my browser? How can I easily transfer them all to a password manager?