"Malware Builder Leverages Discord Webhooks"

Researchers found a simple malware builder that steals credentials and sends them to Discord webhooks. A Discord user called Portu began selling a new password-stealing malware generator on April 23rd, 2022. Malware builders are programs that "script kiddie" hackers can use to create their own executables. "Script kiddie" is a cybersecurity term for a rookie hacker who modifies pre-existing code for their own malicious objectives.

Four days later, Uptycs security experts detected the first sample of "KurayStealer," a Portu-inspired malware sample, in the wild. The software has been used to attack Discord users. KurayStealer's author appears to have taken inspiration and code from those earlier attacks. The researchers observed several similar versions in public repositories such as GitHub. They also added that the KurayStealer builder contains components of other password stealers.

When KurayStealer is first run, it checks whether the malicious user is using the free or "VIP" (paid) version. It then tries to substitute the string "api/webhooks" with "Kisses" in BetterDiscord, a more advanced version of the Discord app with more developer-friendly features. If this activity is successful, the hacker will be able to undermine the app and set up webhooks.

Webhooks are a mechanism that allows webpages and applications to exchange real-time data over HTTP. They are similar to Application Programming Interfaces (APIs), except that they transfer data automatically rather than requiring the receiver to make a request. With webhooks in place, the program takes a screenshot and retrieves the target machine's geo-location. Then it starts searching for credentials in Discord, Microsoft Edge, Chrome, and 18 other apps, gathering passwords, tokens, IP addresses, and more. Any information gathered during this procedure is sent back to the attacker via webhooks.
This article continues to discuss the KurayStealer malware builder and what is known about its author. 
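
As an added example (not from the article or the Uptycs research): because the stolen data leaves the machine as HTTP requests to Discord webhooks, a defender can flag webhook POSTs in proxy logs that come from processes with no reason to send them. The log format, process names and allowlist below are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Hosts that serve the Discord API (assumption: the proxy logs full URLs).
DISCORD_HOSTS = {"discord.com", "discordapp.com", "canary.discord.com", "ptb.discord.com"}
# /api/webhooks/<id>/<token>, optionally versioned as /api/v10/webhooks/...
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/([\w-]+)")
# Hypothetical allowlist: processes approved to post to webhooks in this environment.
APPROVED_SENDERS = {"ci-notifier"}

def parse_line(line):
    """Split a constructed log line: time host process method url bytes_out."""
    ts, host, process, method, url, bytes_out = line.split()
    return {"ts": ts, "host": host, "process": process.lower(),
            "method": method.upper(), "url": url, "bytes_out": int(bytes_out)}

def webhook_id(url):
    """Return the webhook id if url is a Discord webhook endpoint, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in DISCORD_HOSTS:
        return None
    m = WEBHOOK_PATH.match(parts.path)
    return m.group(1) if m else None

def find_webhook_uploads(lines):
    """Flag POSTs to Discord webhooks from processes that are not approved."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        wid = webhook_id(ev["url"])
        if wid is None or ev["method"] != "POST":
            continue
        if ev["process"] in APPROVED_SENDERS:
            continue
        # Keep only the id: the token in the URL is a secret and stays out of alerts.
        alerts.append({"ts": ev["ts"], "host": ev["host"], "process": ev["process"],
                       "webhook_id": wid, "bytes_out": ev["bytes_out"]})
    return alerts

# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2022-04-27T10:01:02Z ws-014 chrome.exe GET https://discord.com/channels/@me 512",
    "2022-04-27T10:03:40Z ws-014 setup_tool.exe POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-token_1 48211",
    "2022-04-27T10:05:00Z build-01 ci-notifier POST https://discord.com/api/v10/webhooks/222222222222222222/EXAMPLE-token_2 300",
    "2022-04-27T10:06:13Z ws-020 python.exe POST https://discordapp.com/api/webhooks/333333333333333333/EXAMPLE-token_3 9120",
    "2022-04-27T10:07:00Z ws-020 chrome.exe POST https://example.org/api/webhooks/1/x 20",
]

if __name__ == "__main__":
    for alert in find_webhook_uploads(SAMPLE_LOG):
        print(alert)
```

The webhook id kept in each alert is enough to correlate hosts that posted to the same webhook without storing its token.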

Threatpost reports "Malware Builder Leverages Discord Webhooks"
