{"id":215899,"date":"2025-06-14T05:14:45","date_gmt":"2025-06-14T10:14:45","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/06\/discord-invite-link-hijacking-delivers-asyncrat-and-skuld-stealer-targeting-crypto-wallets"},"modified":"2025-06-14T05:14:45","modified_gmt":"2025-06-14T10:14:45","slug":"discord-invite-link-hijacking-delivers-asyncrat-and-skuld-stealer-targeting-crypto-wallets","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/06\/discord-invite-link-hijacking-delivers-asyncrat-and-skuld-stealer-targeting-crypto-wallets","title":{"rendered":"Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets"},"content":{"rendered":"<p style=\"padding-right: 20px\"><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/discord-invite-link-hijacking-delivers-asyncrat-and-skuld-stealer-targeting-crypto-wallets2.jpg\"><\/a><\/p>\n<p>A new malware campaign is exploiting a weakness in Discord\u2019s invitation system to deliver an information stealer called <a href=\"https:\/\/thehackernews.com\/2023\/06\/new-golang-based-skuld-malware-stealing.html\" rel=\"noopener\" target=\"_blank\">Skuld<\/a> and the <a href=\"https:\/\/thehackernews.com\/2025\/02\/asyncrat-campaign-uses-python-payloads.html\" rel=\"noopener\" target=\"_blank\">AsyncRAT<\/a> remote access trojan.<\/p>\n<p>\u201cAttackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers,\u201d Check Point <a href=\"https:\/\/research.checkpoint.com\/2025\/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in a technical report. \u201cThe attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets.\u201d<\/p>\n<p>The issue with Discord\u2019s invite mechanism is that it allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting users to malicious servers under their control. This also means that a Discord invite link that was once trusted and shared on forums or social media platforms could unwittingly lead users to malicious sites.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new malware campaign is exploiting a weakness in Discord\u2019s invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. \u201cAttackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers,\u201d Check Point said in a technical report. \u201cThe attackers combined [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-215899","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/215899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=215899"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/215899\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=215899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=215899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=215899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}