Minors use Discord servers to earn extra pocket money by spreading malware

The community uses dedicated Discord servers as a discussion forum and marketplace to spread malware families such as “Lunar”, “Snatch” or “Rift”, which follow the current malware-as-a-service trend. The discussions reveal that age-related slurs are thrown around almost daily. The kids also revealed their ages, discussed the idea of hacking teachers and their school systems, and mentioned their parents in conversations. One Discord group focused on selling “Lunar” had more than 1.5k users, of which about 60-100 had a “customer” role, meaning they paid for the builder. The prices of the malware builders vary depending on the type of tool and the duration of access to it.

The malware traded by these teens targets both minors and adults and offers options such as stealing passwords and private information, cryptomining, and even ransomware. For example, if a customer purchases a builder and chooses to use it for data theft, the generated sample will send all stolen data to the particular customer who generated and distributed it. Or, if a customer uses a builder to generate a ransomware sample, the victim will be prompted to send money to that particular customer’s crypto wallet. Other prominent features include stealing game accounts, deleting Fortnite or Minecraft folders, or repeatedly opening a web browser containing adult content, seemingly just to prank others.

“These communities can be appealing to kids and teens because hacking is considered cool and fun, malware creators provide an affordable and easy way to hack someone and brag about it to your peers, and even a way to make money from ransomware, cryptomining and selling user data,” said Jan Holman, researcher at Avast Malware. “However, these activities are by no means harmless, they are criminal. They can have significant personal and legal consequences, especially if children expose their own and their families’ identities online or if purchased malware actually infects children’s computers, leaving their families vulnerable by letting them use the device concerned. Their data, including online accounts and bank details, can be leaked to cybercriminals,” Holman added.

Distribution of malware via YouTube

After purchasing and compiling their custom malware sample, some customers use YouTube to market and distribute it. Avast researchers have seen customers create a YouTube video purporting to show information about a hacked game or game cheat, with a link to it. However, the URL actually leads to their malware. To build trust in the video, they ask other people on Discord to like it and leave comments under it, endorsing it and saying it’s genuine. In some cases, they even asked other people to say that if antivirus software detects the file as malicious, it’s a false positive.

“This technique is quite insidious because instead of fake accounts and bots, real people are used to upvote harmful content. As genuine accounts work together to positively comment on the content, the malicious link seems more trustworthy, and as such can trick more people into downloading it,” comments Jan Holman.

By monitoring these online communities, Avast found that while group members support each other in cybercrime, partly as pranks but also to steal information and money, conversations can easily become quite turbulent. A considerable amount of fighting, instability and intimidation among users has been observed, with “cut-throat” competition that goes as far as appropriating someone else’s code base and slandering it.

Malware builders are tools that allow users to generate malicious files without having to program anything. Typically, users only need to select features and customize details such as the icon. There are several vendor-based malware families that have similar user interfaces with slightly different layouts, color schemes, names, and logos. These are usually short-lived projects based on source code from GitHub or another vendor, rebranded with a new logo and name, sometimes slightly modified or extended with new features.

Avast created detections to protect users from the samples spreading across these servers and contacted Discord to inform them of these groups. Discord has confirmed that it has taken steps to address these types of communities and has banned the servers associated with Avast’s discoveries.

How to protect children from dark online activities:

It is very important to teach kids to be critical of attractive offers, such as new game features not available in official stores or pre-release versions of popular games. Parents should also educate children about the importance of password security and tell them never to share their passwords with others, even if they claim to be their friends or a game master offering help. For the youngest, it is crucial not to reveal any personal information when playing on multiplayer platforms, such as Discord or the game Minecraft. Moreover, children always need ethical guidance on what is right and wrong, including in the digital space. What may seem adventurous and fun can cause serious harm to others and be a real criminal offence. Young children may think they are safe because they are not yet legally responsible, but their parents are. It is important for parents to tell their children about this.

Discord also told Avast that it advises parents to help customize their child’s settings to prevent them from receiving messages from strangers. You can find more safety tips for parents on the Discord Blog.

For more information on the research, please visit: https://blog.avast.com/kids-discord-hacking-groups

About Avast:

Avast (LSE: AVST), a FTSE 100 company, is a global leader in digital security and privacy, headquartered in Prague, Czech Republic. With more than 435 million online users, Avast offers products under the Avast and AVG brands that protect users against Internet threats and the changing IoT threat landscape. The company’s threat detection network is one of the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top rated and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Avast is a member of Coalition Against Stalkerware, No More Ransom and Internet Watch Foundation. Visit: www.avast.com.

SOURCE: Avast Software, Inc.