Discord Malware Campaign Aims For Crypto and NFT Groups

Share post:

Discord users have been targeted with a new malware campaign that primarily uses the Babadeda crypter to hide malware.

Babadeda is a crypter used to encrypt and disguise malicious payloads and disguise them as harmless applications or installers.

Since May of this year, threat actors have been busy distributing remote Trojans disguised by Babadeda, posing as legitimate apps on crypto-themed Discord channels.

Its complex disguise gives it a very low AV detection rate, and according to Morphisec researchers, its infection rate is increasing day by day.

The delivery chain begins on public Discord channels with large audiences from a crypto-focused audience, such as NFT and cryptocurrency discussions. Attackers interact on these channels and send private messages to potential victims, inviting them to download a game or app.

There have even been cases where the threat has come from actors running existing blockchain software projects such as the game “Mines of Dalarna.”

When the user clicks on the specified URL, they are taken to a decoy site that operates a cyberdomain that is so easily passed on to the legitimate domain. These domains use a valid LetsEncrypt certificate and support an HTTPS connection, making the scheme even more credible.

The malware is downloaded when you click on the “Play Now” or “Download app” buttons on the aforementioned pages and mask themselves in the form of DLLs and EXE files within an archive that at first glance looks like any normal app folder.

As soon as the victim tries to run the installer, they receive a fake error message that leads them to believe that nothing has happened. In the background, the malware continues to run.

Babadeda has been used in past malware campaigns to spread infotainment stealers, RATs as well as LockBit ransomware.

The attackers are believed to have targeted the victims’ cryptocurrency wallets, cryptocurrency funds and NFT assets.

For more information, you may view the original story from Bleeping Computer.

Featured Tech Jobs


Related articles

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Failure of technology to detect attacks is a prime cause of breaches: Survey

Despite the money being poured into cybersecurity by IT departments, the leading cause of breaches of security controls was the failure of technology to detect an attack, a new survey from Trellix suggests. Forty-two per cent of respondents to the international survey of infosec leaders whose organization had suffered a recent cyber attack said their

Canadian group gets $2.2 million to research AI threat detection for wireless networks

Ericsson Canada and three universities have been awarded funds by the National Cybersecurity

Cyber Security Today, Nov. 29, 2023 – More ransomware attacks on the healthcare sector

This episode reports on a company hit twice by a ransomware gang, the arrest in Ukraine of the alleged head of a ransomware gang

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways