For the past couple of months, I've been hearing about increasing numbers of account takeover attacks in the Discord community. Discord has somehow become a de facto official messenger application among the cryptocurrency community, with new channels oriented around NFTs popping up like mushrooms. Hacking Discord accounts has suddenly become a very lucrative business for cybercriminals, who are going in for the kill to make some easy money. They take over admin accounts in cryptocurrency-oriented communities to spread malware and launch further social engineering attacks.

My focus is going to be purely on Discord account security, which should be of concern to everyone using Discord. In recent weeks I thought the attackers were using some new reverse-proxy phishing techniques to hijack WebSocket sessions with tools similar to Evilginx, but in reality the hacks, I discovered, are much easier to execute than I anticipated.

In this post I will be explaining how the attacks work, what everyone can do to protect themselves and, more importantly, what Discord can do to mitigate such attacks. Please bear in mind that this post covers my personal point of view on how I feel the mitigations should be implemented, and I am well aware that some of you may have much better ideas. I encourage you to contact me or at if you feel I missed anything or was mistaken.

When you log in to your Discord account, either by entering your account credentials on the login screen or by scanning a QR code with your Discord mobile app, Discord will send you your account token, in the form of a string of data. From now on I will refer to that token as the master token, since it works like a master key for your Discord account. That single line of text, consisting of around 70 characters, is what the attackers are after. This token is the only key required to access your Discord account.