New Discord malware targets NFT and crypto fans
The malware includes RATs and even ransomware
Researchers have shed light on an ongoing malware campaign that targets cryptocurrency enthusiasts on gaming-centric messaging platform Discord.
Discovered by cybersecurity researchers at Morphisec, the “sophisticated” campaign aims to distribute a malware strain named Babadeda.
“We know that this malware installer [Babadeda] has been used in a variety of recent campaigns to deliver information stealers, RATs [remote access trojans], and even LockBit ransomware,” share the researchers.
Worse still, the researchers observe that Babadeda uses complex obfuscation to bypass most traditional signature-based antivirus solutions.
Elaborate deception
In their breakdown of the malware, the researchers note that the infection chain begins with the threat actors phishing users interested in crypto and NFTs by sending misleading private messages, asking them to download an app in order to access new features and additional benefits.
What makes the campaign worth paying attention to is the lengths the threat actors go to in an effort to trick victims into installing Babadeda.
“Because the actor created a Discord bot account on the official company discord channel, they were able to successfully impersonate the channel’s official account,” note the researchers.
Furthermore, the attackers use several other measures to ensure that the delivery chain looks legitimate even to technical users. For instance, they use cybersquatting to make the URLs of the decoy websites resemble those of genuine ones, and in addition to mimicking the user interface, they also use SSL certificates dished out by Let’s Encrypt to lend an air of legitimacy to the deception.
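Because the decoy sites carry valid certificates, a padlock says nothing about who runs the site; the hostname has to be checked against the domains the project actually owns. The sketch below is an added example, not code from Morphisec or from the campaign analysis, and the allowlist domains, function names and distance threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains a (hypothetical) project really owns.
OFFICIAL = {"examplenft.io", "example-game.com"}

def host_of(url):
    """Lower-cased hostname of a link, with or without a scheme."""
    if not url.lower().startswith(("http://", "https://")):
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, official=OFFICIAL, max_dist=2):
    """Return (verdict, imitated_domain). TLS validity is deliberately
    ignored: a free certificate is available to a squatted domain too."""
    host = host_of(url)
    if host in official or any(host.endswith("." + d) for d in official):
        return ("official", None)
    squashed = host.replace("-", "").replace(".", "")
    for good in sorted(official):
        name, _, tld = good.rpartition(".")
        h_name, _, h_tld = host.rpartition(".")
        if h_name == name and h_tld != tld:          # same name, swapped TLD
            return ("lookalike", good)
        if edit_distance(host, good) <= max_dist:    # typo or character swap
            return ("lookalike", good)
        if name.replace("-", "") in squashed:        # brand padded with extras
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, as they might appear in a private message.
    for link in ("https://examplenft.io/mint", "https://examplenft.org/download",
                 "https://examp1enft.io/", "examplenft-app.io/setup"):
        print(link, "->", classify(link))
```

An "unknown" verdict only means the host does not resemble an allowlisted domain; it is not a statement that the link is safe.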
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.