On April 23rd, 2022, a Discord user with the handle “Portu” began advertising a new password-stealing malware builder. Malware builders are programs which so-called script kiddie hackers can craft their own executables on top of. Script kiddie is cybersecurity parlance for a novice hacker who uses a preexisting code to slightly modify it for their own nefarious purposes. Four days later, threat analysts from Uptycs discovered the first sample of a Portu-inspired malware sample in the wild researchers dubbed “KurayStealer.” According to researchers, the malware has been used to target Discord users. How KurayStealer Works The author behind KurayStealer has clearly taken inspiration – and code – from those other attacks. “We have seen several other similar versions floating around in public repositories like github,” the researchers noted, concluding that “the KurayStelaer builder has several components of different password stealers.” When it’s first executed, KurayStealer runs a check to determine if the malicious user is running the free or “VIP” (paid) version. Next, it attempts to replace the string “api/webhooks” with “Kisses” in BetterDiscord – an extended version of the Discord app, with greater functionality for developers. If this action is successful, the hacker can undermine the app in order to set up webhooks. Webhooks are a mechanism by which webpages and applications can send real-time data to one another over HTTP. They’re like APIs, the key difference being…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2022-05-12 09:01:002022-05-12 09:01:00Malware Builder Leverages Discord Webhooks
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com