Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Hackers inflicted malware on Top.gg’s Discord bots to steal your data
Hackers targeted the Top.gg community and inflicted bots with malware
2 min. read
Published onMarch 27, 2024
published onMarch 27, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Hackers targetedTop.gg, the Discord community with over 170,000 members. If you use the app, you might already know about the group. After all, they share many great bots you can use for various purposes, such as gaming, music, giveaways, management, and more. Thus, wrongdoers considered exploiting Discord bots to spread their malware and gain control over personal information from other groups.
In addition, the community promotes discord servers and acts like a store for the bots. Also, the platform enhances gaming experiences, provides moderation tools, and offers fun features for other gaming communities.
How did threat actors target the Discord Community?
To target Discord communities,threat actorsused a supply chain attack. This method allowed them to sneak malware into the platform, affecting developers and other members. The ones responsible used various tactics in the past, such as stealing GitHub accounts, distributing malicious Python packages (PyPI), using a fake Python infrastructure, and social engineering. The main goals of the wrongdoers are to spread Discord bots with malware to steal data and sell it for money.
Unfortunately, according toBleepingComputer, cybercriminals started targeting the Discord community in 2022. At first, they used PyPI to upload malicious packages similar to open-source tools. While seeming legitimate, they contained malware.
As a result, some developers contacted the virus and got their accounts hijacked. Afterward, hackers altered the developer’s project files to spread the virus to other Discord bots. On top of that, they used fake dependencies to redirect the user to the attacker’s fake mirror. The fake mirror is a website or server that looks legitimate to trick you into downloading malware or sharing personal information.
Ultimately, wrongdoers target important Discord communities like Top.gg because other groups use their bots and tools. Thus, threat actors can use this opportunity to spread their malware and steal and sell our data. To defend against attacks, you can review your code, check the updates, scrutinize sources, and use code signing and multi-factor authentications. Furthermore, if you are a Discord server owner, consider verifying the bot’s reviews, ratings, and permissions.
What are your thoughts? How do you defend your community and work against cyber criminals? Let us know your practices in the comments.
More about the topics:Cybersecurity,Discord,Discord issues
Sebastian Filipoiu
Sebastian is a content writer with a desire to learn everything new about AI and gaming. So, he spends his time writing prompts on various LLMs to understand them better. Additionally, Sebastian has experience fixing performance-related problems in video games and knows his way around Windows. Also, he is interested in anything related to quantum technology and becomes a research freak when he wants to learn more.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Sebastian Filipoiu
Sebastian is a content writer with a desire to learn everything new about AI and gaming.
