Discord Malware Campaign Aims For Crypto and NFT Groups

Share post:

Discord users have been targeted with a new malware campaign that primarily uses the Babadeda crypter to hide malware.

Babadeda is a crypter used to encrypt and disguise malicious payloads and disguise them as harmless applications or installers.

Since May of this year, threat actors have been busy distributing remote Trojans disguised by Babadeda, posing as legitimate apps on crypto-themed Discord channels.

Its complex disguise gives it a very low AV detection rate, and according to Morphisec researchers, its infection rate is increasing day by day.

The delivery chain begins on public Discord channels with large audiences from a crypto-focused audience, such as NFT and cryptocurrency discussions. Attackers interact on these channels and send private messages to potential victims, inviting them to download a game or app.

There have even been cases where the threat has come from actors running existing blockchain software projects such as the game “Mines of Dalarna.”

When the user clicks on the specified URL, they are taken to a decoy site that operates a cyberdomain that is so easily passed on to the legitimate domain. These domains use a valid LetsEncrypt certificate and support an HTTPS connection, making the scheme even more credible.

The malware is downloaded when you click on the “Play Now” or “Download app” buttons on the aforementioned pages and mask themselves in the form of DLLs and EXE files within an archive that at first glance looks like any normal app folder.

As soon as the victim tries to run the installer, they receive a fake error message that leads them to believe that nothing has happened. In the background, the malware continues to run.

Babadeda has been used in past malware campaigns to spread infotainment stealers, RATs as well as LockBit ransomware.

The attackers are believed to have targeted the victims’ cryptocurrency wallets, cryptocurrency funds and NFT assets.

For more information, you may view the original story from Bleeping Computer.



Related articles

Cyber Security Today, March 22, 2023 – ChatGPT4 is out, poorly-protected Linux servers are exploited, and more

ChatGPT4 is out, poorly-protected Linux servers are exploited, and more. Welcome to Cyber Security Today. It’s Wednesday, March 22nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S. The new version of ChatGPT has been released. But if you were hoping that version 4 has made this tool safer

Only 9 per cent of Canadian firms are cyber mature: Cisco report

Only 15 per cent of companies around the world would have a mature cyber readiness, according to survey

Ferrari notifies customers of ransom demand

Exclusive car maker says some client contact information exposed in cy

Government backs down on document demand from Google, Facebook

Change meets criticism that demand for external communications is an invasion

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways