website with malicious download executable


Solved by Marcos

I have reported the website itself to ESET and it's currently being blocked, but as far as VirusTotal goes, ESET is the only one. The source is a scam/hack for emails and Discord (I'm assuming, 'cause I'm no tech wizard). However, I do want to report the executable the site wants to download, and I'm far too scared to even download it again, and don't know how to or where to get a VM to download it safely from.

The scammers want you to install a game to 'help' them with some achievement or something, but the .exe that they have you install instead takes over your Discord account.

I'll link the VirusTotal link instead of the actual site, and I'm sure anyone that wants to investigate can figure it out from there:
https://www.virustotal.com/gui/url/5a045cb21aa8af064c977003904009f3dc9627648e92ee8bfbd96e356f5aad82


  • Administrators
  • Solution

The malware on the website is detected by ESET:

DivinePath-v1.0.9.0.exe - JS/Agent.RCY trojan

 


2 hours ago, Kon said:

The scammers want you to install a game to 'help' them with some achievement or something, but the .exe that they have you install instead takes over your Discord account.

A few related references:

Discord

https://www.bleepingcomputer.com/news/security/discord-still-a-hotbed-of-malware-activity-now-apts-join-the-fun/

Fake malicious downloads

https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-google-ads-evade-detection-for-months/

https://www.darkreading.com/threat-intelligence/watch-out-attackers-hiding-malware-browser-updates

Edited by itman

Unfortunately, I'm a victim of one of these attacks. So far, the precautions that I have taken are that I have removed Divine Path, to my knowledge, from being installed on my computer, along with any remaining traces in the file path, in my AppData folder (Local and Roaming), and in my startups.

So far, when launching Task Manager, it doesn't show up anymore, and I have also removed all traces of Discord and reinstalled it onto my system as well.

On top of that, I have run a few virus scans with ESET, and so far it hasn't picked up anything. Is there anything else I should be concerned with? The post you linked also mentions things like browser webhooks, which leads me to believe that my browser could potentially be affected.


As the bleepingcomputer.com article notes:

Quote

Despite the growing scale of the issue in recent years, Discord has been unable to implement effective measures to deter cybercriminals, decisively address the problem, or at least limit it.

Therefore, use of it is at the user's peril.
