网络安全研究人员发现，网络犯罪分子正在利用Discord webhook作为替代性命令与控制（C2）通道，渗透主流编程语言生态系统。与传统C2服务器不同，webhook提供免费且隐蔽的数据外传渠道，能够完美隐藏在合法的HTTPS流量中。 过去一个月内，npm、PyPI和RubyGems平台上 ...

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks. On April 23rd, 2022, a Discord user with the handle “Portu” began advertising a ...

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several ...

Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal ...

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application ...