Don't click on this old Discord invite link! It could be malware!

Most of us have done it before: Trying to use an old link to access a website or service. That familiar old link gets you where you need to go — but with Discord , that old link can take you to a world of malware .

 

Old Discord links may be spreading malware

It's strange to think that a seemingly harmless Discord link could lead you to dangerous malware.

But that's exactly what security researchers at Check Point discovered when they uncovered a massive malware campaign that was actively exploiting old Discord invites.

Discord invites allow you to go directly to the server the invite was sent from and log in. The invite code sent to you contains a unique identifier, which allows you to access the server, with different levels of access set by the sender (such as temporary, permanent, etc.).

 

Currently, on Discord, there are special 'Level 3' servers with enhanced features that allow for faster growth, such as more invites, higher capacity, and custom links. While regular Discord invites are randomly generated (and therefore unlikely to reappear), hackers are exploiting these old and potentially expired custom links and reusing them to target malicious servers hosting malware.

 

So when you click on one of the repurposed malicious links, you land on a Discord server that looks and feels authentic, but prompts you to verify your identity. From there, the link launches a version of the ClickFix malware, which displays a message saying the CAPTCHA failed, instructing you to verify it manually.

 

The 'manual verification process' requires you to run a Windows command to launch a PowerShell script, which then downloads and installs the malware. Interestingly, the Check Point team found that the script used to download and install the malware is not detected by most antivirus and antimalware suites, making it even harder to avoid an attack like this.

What malware does the fake Discord link download?

Once the script is executed on the victim's machine, it attempts to download and install extremely dangerous malware. For example, AsyncRAT is a powerful remote access Trojan that can give an attacker control over the victim's machine, Skuld Stealer is an infostealer that targets user data and cryptocurrency wallets, and ChromeKatz attempts to steal browser cookies and other information.

Once installed, this combination of malware will allow widespread access to any device, steal highly sensitive data, etc.

How to avoid Discord links containing malware

First, avoid all old Discord invite links. Any link sent to you that has been sitting in your inbox for a while without being used should be discarded - consider it a potential hazard.

Second, extend those suspicions to any Discord invite links hosted on websites, forums like Reddit, etc. Any link embedded on such a site is likely to be considered dangerous, so avoid them.

Finally, if you click on a Discord invite link and it asks you to verify your identity again, that's another red flag and a good reason to close the page immediately. Any Discord server that asks you to run a specific command from the Run dialog in Windows is also extremely bad news and should be avoided at all costs.

Finally, make sure your antivirus or antimalware software is up to date. The Discord malware script is detected by very few antivirus engines, but having an up-to-date tool will help protect you from any malware that is installed – although no antivirus is perfect!