@discord.com There is a group doing account takeover in the VTuber and Streamer space and using the Discord CDN.
Password is `sparkbeta` for the RAR.
VTubers please be careful, your friends can be infected! Don't click things that look like this!
https://urlscan.io/result/e5b4ffd1-1c12-484d-b745-f01fc70ba91b/#links
#VTuber #Discord
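The post above warns about a password-protected RAR delivered through the Discord CDN. As an added example (not the poster's code and not part of the original thread), here is a small Python triage helper a moderator or SOC analyst could run over chat messages and downloaded files: it flags Discord CDN attachment links that point at archive files, notes whether the message also mentions a password (as the lure above does), and checks a file's SHA-256 against the two sample hashes linked later in this thread. The sample message, channel/message IDs and file name are constructed for the example; the two Discord CDN hostnames are the real Discord attachment hosts, everything else (function names, heuristics) is this example's own.

```python
import hashlib
import re
from urllib.parse import urlparse

# Real Discord attachment hosts; any other host is ignored by this heuristic.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}

# Archive extensions worth flagging when served from the Discord CDN.
ARCHIVE_EXTENSIONS = (".rar", ".zip", ".7z")

# SHA-256 of the two samples linked in this thread (MalwareBazaar / VirusTotal).
KNOWN_BAD_SHA256 = {
    "73b47149af8a048750833f65d3d95039f06d54fcd74f856bd1bce04dbb7ceb3c",
    "3447e206c0db57c77033ffa0b18ace5bd8e31644a4bee7d6a23400243dc24479",
}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
PASSWORD_RE = re.compile(r"\bpass(word|code)?\b", re.IGNORECASE)

# Constructed lure message for the example; IDs and file name are made up.
SAMPLE_MESSAGE = (
    "hey can you test my game beta? "
    "https://cdn.discordapp.com/attachments/111/222/sparkbeta.rar?ex=abc "
    "password is sparkbeta"
)


def extract_urls(text: str) -> list[str]:
    """Return every http(s) URL found in a chat message."""
    return URL_RE.findall(text)


def is_suspicious_cdn_archive(url: str) -> bool:
    """True when the URL is a Discord CDN attachment whose path is an archive.

    The query string (e.g. signed-URL parameters) is ignored; only the path
    extension matters.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in DISCORD_CDN_HOSTS:
        return False
    return parsed.path.lower().endswith(ARCHIVE_EXTENSIONS)


def mentions_password(text: str) -> bool:
    """True when the message supplies or asks for an archive password,
    a common tell for a password-protected lure that sandboxes cannot open
    without the hint."""
    return PASSWORD_RE.search(text) is not None


def scan_message(text: str) -> list[str]:
    """Return the Discord CDN archive links found in a message (empty if none)."""
    return [u for u in extract_urls(text) if is_suspicious_cdn_archive(u)]


def check_file_hash(data: bytes) -> bool:
    """True when the file content matches one of the known-bad sample hashes."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


if __name__ == "__main__":
    flagged = scan_message(SAMPLE_MESSAGE)
    for url in flagged:
        print("suspicious Discord CDN archive:", url)
    if flagged and mentions_password(SAMPLE_MESSAGE):
        print("message also supplies an archive password: likely lure")
```

The hash check only catches the two samples already in the thread; the link heuristic is what catches new variants, since the delivery pattern (archive on the Discord CDN plus a password in the message) is what the poster is asking people to recognise.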
Comments
https://bazaar.abuse.ch/sample/73b47149af8a048750833f65d3d95039f06d54fcd74f856bd1bce04dbb7ceb3c/
Not many detections on VT, but sandboxes detect it.
https://www.virustotal.com/gui/file/73b47149af8a048750833f65d3d95039f06d54fcd74f856bd1bce04dbb7ceb3c
https://www.virustotal.com/gui/url-analysis/u-82a3ceecd099387df8c7a34c863b2299e283cdb979ceb47c10789473529fc4ee-1737183030
More sites can be found with URLScan:
https://urlscan.io/search/#hash%3A1e4025cf814744692375cbc5767bc3ad6e8da5460c9f7ac3086d04b21217b2b8
#Malware #Discord
https://urlscan.io/result/d8da6b1b-c543-4477-af9b-169eb85a23c3/#summary
Here you can see they are switching to Storj; they forgot to remove some local links, revealing another domain (sonicglyder).
https://urlscan.io/result/df23b6b5-df1a-4103-b090-aa91d680c237/
Here is another search to find more:
https://urlscan.io/search/#hash%3A9a11f2272cba9003b2b87d90c1b4113abbd280788ae05da5cb856150594d7b95
#Malware #Discord
https://app.any.run/tasks/6cc55300-c159-4853-8c47-b153aedaeb7d
#Malware #Discord
https://bazaar.abuse.ch/sample/3447e206c0db57c77033ffa0b18ace5bd8e31644a4bee7d6a23400243dc24479/
https://www.virustotal.com/gui/file/3447e206c0db57c77033ffa0b18ace5bd8e31644a4bee7d6a23400243dc24479
#Stealer #Malware
https://www.virustotal.com/gui/domain/api.codeplay-api.com/relations
Many connections to stealers for Discord tokens.