PULSE NAME
Discord Invite Hijacking: How Fake Links Are Delivering Infostealers
WHITE AlienVault 2025-06-20 Modified: 2025-07-20
36 IOCs, MEDIUM VOLUME
Cybercriminals are exploiting Discord's invite system and content delivery features to distribute malware and steal sensitive data. They use fake invite links, expired codes, and vanity URLs to redirect users to malicious servers. The attack chain involves a sophisticated combination of social engineering, multi-stage loaders, and time-based evasion tactics. Victims are tricked into authorizing a fake bot, which leads to the deployment of AsyncRAT and a customized Skuld Stealer. These malware variants target browser credentials, Discord tokens, and cryptocurrency wallets. The campaign uses trusted platforms like GitHub and Bitbucket to host encrypted payloads, and employs advanced techniques to bypass security measures and maintain persistence.
Indicators of Compromise (36)