Hackers Exploit Real Discord Invite Links to Harvest User Data

A concerning scam is affecting Discord users, turning once-legitimate links into malicious traps that jeopardize users’ data, computers, and cryptocurrency wallets. It’s essential for users to exercise caution before clicking on any Discord links, carefully inspecting invites to prevent exposing their devices to danger. Initially, Discord emerged as a simple communication platform primarily designed for gamers. Over time, it has evolved to accommodate a broader spectrum of users and functionalities, including text, voice, and video chat, as well as screen streaming.

Typically, users join communities by clicking invites to access various servers. However, even previously trustworthy links now pose risks, because attackers are exploiting the way expired invites are handled. Check Point Research first highlighted these exploits, revealing how expired Discord links can be manipulated to redirect users to illegitimate servers. This scam preys on users’ familiarity with server protocols, which often include rules and wait times for posting.

When users click these fraudulent links, they are taken to deceitful servers where they are then prompted to verify their accounts. This process involves following instructions that require downloading and executing a malicious PowerShell script, resulting in the installation of malware capable of screen capturing, keylogging, and even accessing connected webcams. The core challenge of this scam lies in the fact that expired links, which were once safe, can be reassigned to lead to harmful sites. According to research, temporary and custom vanity invite links can be repurposed by malicious users once they have expired, potentially leading to harmful environments instead of the intended servers.

In response to the original findings, Discord has shut down the bot implicated in this scam. However, the underlying issue with links remains unresolved, and new bots might emerge. To safeguard their accounts, users should remain cautious when interacting with any invites, particularly by prioritizing official Discord servers.
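For server owners who have published invite links on websites or social profiles, the reuse of expired temporary and vanity invites described above can be checked for by comparing what each link resolves to against the server ID it was issued for. The following is an added example, not code from the article or from Check Point Research; the lookup response shape is an assumption modelled on Discord's invite object, and all guild IDs, invite codes and responses are constructed placeholders.

```python
import re
from datetime import datetime, timezone

# Matches discord.gg/<code> and discord.com/invite/<code> style links.
INVITE_RE = re.compile(
    r"(?:https?://)?(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)")

def invite_code(url):
    m = INVITE_RE.search(url)
    return m.group(1) if m else None

def audit_invite(url, pinned_guild_id, lookup, now):
    """Return findings for one published invite link.

    lookup: decoded JSON of an invite lookup for this code (assumed shape:
    an invite object with "guild" and "expires_at", or an error body).
    """
    if invite_code(url) is None:
        return ["not-an-invite-link"]
    guild = lookup.get("guild")
    if guild is None:
        # Code no longer resolves: per the article, such a code can be
        # repurposed, so the published link should be taken down.
        return ["dead-link-can-be-repurposed"]
    findings = []
    if guild.get("id") != pinned_guild_id:
        findings.append("guild-mismatch")  # link now leads to another server
    expires = lookup.get("expires_at")
    if expires:
        when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        findings.append("expired" if when <= now else "temporary-will-expire")
    return findings

# Constructed sample data: placeholder guild IDs, codes and responses.
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)
PINNED = "100000000000000001"
SAMPLES = {
    "https://discord.gg/perm-ok": {"guild": {"id": PINNED}, "expires_at": None},
    "https://discord.gg/temp-7d": {"guild": {"id": PINNED},
                                   "expires_at": "2025-07-05T00:00:00+00:00"},
    "https://discord.com/invite/oldvanity": {"guild": {"id": "200000000000000002"},
                                             "expires_at": None},
    "https://discord.gg/gone": {"message": "Unknown Invite", "code": 10006},
}

def audit_all():
    return {url: audit_invite(url, PINNED, resp, NOW) for url, resp in SAMPLES.items()}

if __name__ == "__main__":
    for url, findings in audit_all().items():
        print(url, findings or ["ok"])
```

Any finding other than an empty list means the published link should be replaced with a non-expiring invite or removed.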
