website with malicious download executable


Kon

I have reported the website itself to ESET and it's currently being blocked, but as far as VirusTotal, ESET is the only one. The source is a scam/hack for emails and Discord (I'm assuming, 'cause I'm no tech wizard). However, I do want to report the executable the site wants to download, and I'm far too scared to even download it again, and don't know how to or where to get a VM to download it safely from.

The scammers want you to install a game to 'help' them with some achievement or something, but the .exe that they have you instead takes over your Discord account.

I'll link the VirusTotal link instead of the actual site, and I'm sure anyone that wants to investigate can figure it out from there:
https://www.virustotal.com/gui/url/5a045cb21aa8af064c977003904009f3dc9627648e92ee8bfbd96e356f5aad82


2 hours ago, Kon said:

The scammers want you to install a game to 'help' them with some achievement or something, but the .exe that they have you instead takes over your Discord account.

A few related references:

Discord

https://www.bleepingcomputer.com/news/security/discord-still-a-hotbed-of-malware-activity-now-apts-join-the-fun/

Fake malicious downloads

https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-google-ads-evade-detection-for-months/

https://www.darkreading.com/threat-intelligence/watch-out-attackers-hiding-malware-browser-updates

Edited by itman

Unfortunately I'm a victim of one of these attacks, and so far the precautions that I have taken are that I have removed Divine path, to my knowledge, from being installed on my computer, as well as any remaining traces in a file path, in my app data folder (local and roaming), and in my startups.

So far, when launching Task Manager, it doesn't show up anymore, and I have also removed all traces of Discord and reinstalled it on my system as well.

On top of that, I have run a few virus scans with ESET and so far it hasn't picked up anything. Is there anything else I should be concerned with? The post you linked also mentions browser web hooks, which leads me to believe that my browser could potentially be affected.


As the bleepingcomputer.com article notes:

Quote

Despite the growing scale of the issue in recent years, Discord has been unable to implement effective measures to deter cybercriminals, decisively address the problem, or at least limit it.

Therefore, use of it is at the user's peril.
