Discord Invite Link Hijacking Campaign Delivers AsyncRAT and Skuld Stealer Malware

A new cyberattack is exploiting expired or deleted Discord invite links to redirect users to malicious servers. This form of Discord Invite Link Hijacking is particularly dangerous. Once inside, victims are tricked into running PowerShell commands that install malware like AsyncRAT and the Skuld Stealer, both designed to steal sensitive data and control infected systems.


How the Discord Hijacking Attack Works

Attackers abuse Discord’s vanity URL system—which allows custom invite codes—by reclaiming expired links. These links are often shared on trusted websites, making them perfect for social engineering.

Here’s the step-by-step breakdown:

  1. A legitimate Discord invite expires or gets deleted.
  2. The attacker registers the same invite code on a malicious server.
  3. Victims clicking old links are redirected to the attacker’s fake community.
  4. A fake “verification” bot tricks them into pasting a PowerShell script.
  5. The script downloads and installs multiple malware strains.

The Malware Payloads Explained

AsyncRAT (Remote Access Trojan)

AsyncRAT gives attackers full remote control over the victim’s system. It enables:

  • Keystroke logging
  • File downloads and uploads
  • Screen monitoring
  • Command execution

Skuld Stealer

This Go-based infostealer targets cryptocurrency wallets like:

  • Exodus
  • Atomic
  • Electrum
  • Coinomi

It uses wallet injection techniques to extract private keys, login info, and other sensitive data.

ChromeKatz

A tool designed to extract:

  • Browser cookies
  • Autofill data
  • Saved passwords

Who’s Affected?

The campaign primarily targets users in:

  • United States
  • United Kingdom
  • Germany
  • France
  • Vietnam
  • Netherlands
  • Slovakia
  • Austria

Malware is spread through trusted platforms like GitHub, Bitbucket, Pastebin, and Discord’s own webhook system, bypassing many traditional antivirus tools.


What Makes This Attack Dangerous?

  • Exploits trust in commonly shared Discord links
  • Delivers multi-stage malware through PowerShell
  • Bypasses detection by using legitimate platforms for payload delivery
  • Targets crypto wallets, browsers, and full system control

How to Protect Yourself from Discord Malware

  • Avoid clicking old or expired Discord invites, especially from third-party sites.
  • Only trust links from verified communities with permanent invite links.
  • Never run PowerShell or Windows Run commands unless you’re 100% certain they’re safe.
  • Use anti-malware software with behavioral monitoring.
  • Educate your team on Discord-specific cyber threats and phishing tactics.


Final Thoughts

This Discord invite hijacking campaign is a reminder that even trusted platforms can be abused. Cybercriminals are constantly finding creative ways to exploit expired resources like invite links.

If you’re a Discord server owner or community manager, audit your invite links regularly and replace expired ones with secure alternatives.
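One way to run that audit, as an added example that is not part of the original article: the script below pulls invite codes out of published text and checks each against Discord's public invite lookup endpoint (`GET /api/v10/invites/{code}`), flagging codes that no longer resolve or that resolve to a server other than yours. The function names, the guild ID `111` and the sample page text are constructed for illustration.

```python
import json
import re
import urllib.error
import urllib.request

# Matches discord.gg/<code> and discord.com/invite/<code> links in page text.
INVITE_RE = re.compile(
    r"(?:https?://)?(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)",
    re.IGNORECASE)

def extract_codes(text):
    """Return the unique invite codes found in text, in first-seen order."""
    return list(dict.fromkeys(INVITE_RE.findall(text)))

def lookup_invite(code):
    """Query Discord's invite endpoint; return parsed JSON, or None if unknown."""
    req = urllib.request.Request(f"https://discord.com/api/v10/invites/{code}",
                                 headers={"User-Agent": "invite-audit-example"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # expired, deleted, or never existed
            return None
        raise

def audit(text, expected_guild_id, lookup=lookup_invite):
    """Classify each invite code in text as ok, temporary, dead or hijacked."""
    report = {}
    for code in extract_codes(text):
        invite = lookup(code)
        if invite is None:
            report[code] = "dead"       # take the link down before the code is reclaimed
        elif str((invite.get("guild") or {}).get("id")) != str(expected_guild_id):
            report[code] = "hijacked"   # resolves to a server that is not yours
        elif invite.get("expires_at"):
            report[code] = "temporary"  # still yours, but it will expire
        else:
            report[code] = "ok"
    return report

if __name__ == "__main__":
    # Constructed sample input and canned responses so the demo runs offline.
    page = "Join: https://discord.gg/abcDEF1 or https://discord.com/invite/old-link"
    fake = {"abcDEF1": {"guild": {"id": "111"}, "expires_at": None},
            "old-link": {"guild": {"id": "999"}, "expires_at": None}}
    print(audit(page, "111", lookup=fake.get))
```

Drop the `lookup=` argument to query Discord directly, and pace requests so a long list of links stays within the API's rate limits.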

