Discord Users Are Targeted For Ransom


Anyone who uses the Discord social media platform should beware of new malware. Using an encryption Trojan, hackers not only lock users out of their files but also steal Discord account credentials.

The ransomware goes by the name of AXLocker and, as usual, displays a payment request after the “successful” installation. As security researchers from Cyble (via Bleeping Computer) explain, almost all documents and other content stored on the PC are encrypted first. To restore the files, victims are told to contact an e-mail address and carry out a transaction. Of course, such requests should not be responded to and the affected device should be isolated.

Once the files exist on the data medium only in encrypted form, the malware collects further details such as the name of the computer, the username, the currently assigned IP address, a unique ID of the system, and Discord tokens. AXLocker searches various directories for the authentication details using a regular expression and saves the tokens in a list if any are found in the respective folders.

Tokens sent to Discord servers

The data is then sent to the attackers’ Discord channel using a webhook URL. With the stolen token it is possible to act on behalf of the corresponding user and take over the account completely. Anyone who discovers AXLocker on their PC should therefore change their Discord password and thus invalidate the tokens.
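
Because the stolen data leaves the machine as a POST to a Discord webhook URL, outbound proxy or EDR network events can be searched for such requests. The following is an added detection example, not code from the article or from the researchers; the log format, host names and process names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Discord webhook endpoints look like /api/webhooks/<numeric id>/<token>,
# optionally with an API version (/api/v10/webhooks/...).
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/([\w-]+)")
DISCORD_HOSTS = {"discord.com", "discordapp.com"}

# Constructed sample events. Assumed format: time host process method url
SAMPLE_LOG = """\
2022-11-21T10:02:11Z WS-014 chrome.exe GET https://discord.com/channels/@me
2022-11-21T10:02:40Z WS-014 updater.exe POST https://discord.com/api/webhooks/100000000000000001/EXAMPLE-token_A
2022-11-21T10:03:05Z BUILD-02 ci-notify.exe POST https://discord.com/api/v10/webhooks/100000000000000002/EXAMPLE-token_B
2022-11-21T10:03:30Z WS-020 invoice.exe POST https://discordapp.com/api/webhooks/100000000000000003/EXAMPLE-token_C?wait=true
2022-11-21T10:04:00Z WS-020 malformed line
"""

def find_webhook_posts(log_text, allowed=frozenset()):
    """Return alerts for POSTs to Discord webhooks.

    `allowed` holds (host, lowercase process name) pairs that are known to
    post to webhooks legitimately, e.g. a CI notifier.
    """
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # line does not match the assumed format
        ts, host, process, method, url = parts
        target = urlsplit(url)
        match = WEBHOOK_PATH.match(target.path)
        on_discord = (target.hostname or "").lower() in DISCORD_HOSTS
        if method != "POST" or not on_discord or not match:
            continue
        if (host, process.lower()) in allowed:
            continue
        # Record the webhook id only; the token part is a secret and is
        # deliberately kept out of the alert.
        alerts.append({"time": ts, "host": host, "process": process,
                       "webhook_id": match.group(1)})
    return alerts

if __name__ == "__main__":
    for alert in find_webhook_posts(SAMPLE_LOG, {("BUILD-02", "ci-notify.exe")}):
        print(alert)
```

The webhook id in each alert can be passed to Discord in an abuse report, and the flagged host is the one to isolate.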