Discord hack

Community

Note: I'm not affilated with Discord and do not encourage using any of these hacks. Use everything here at your own risk. This is meant for educational purposes only and using these codeblocks may result in your account being disabled/terminated.

Here is the Invite Link to the community: https://matrix.to/#/#discord-oxygen:matrix.org

The main community is on matrix, most channels are encrypted and can only be accessed from within matrix. For those of you who can't use Matrix we created the Discord Server, its bridged to the Community (=every message you sent in Discord automatically appears in matrix and vice-versa)
Here's the Invite Link: https://discord.gg/2FqBxRA6fS (2nd server)

Please don't use console hacks not sent by me, or you might risk loosing your account.
I'll update this invite regularly, if e.g. my account gets compromised or Discord shuts down the Server, I will create a new Account, a new Server and will then update the invite above.
If the invite doesn't work anymore, it means the Server got deleted and you need to wait until I can create a new Account.


Sours: https://github.com/hxr404/Discord-Console-hacks

Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation. But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims—sometimes in unexpected ways.

Cisco's security division, Talos, published new research on Wednesday highlighting how, over the course of the Covid-19 pandemic, collaboration tools like Slack and, much more commonly, Discord have become handy mechanisms for cybercriminals. With growing frequency, they're being used to serve up malware to victims in the form of a link that looks trustworthy. In other cases, hackers have integrated Discord into their malware for remote control of their code running on infected machines, and even to steal data from victims. Cisco's researchers warn that none of the techniques they found actually exploits a clear hackable vulnerability in Slack or Discord, or even requires Slack or Discord to be installed on the victim's machine. Instead, they simply take advantage of some little-examined features of those collaboration platforms, along with their ubiquity and the trust that both users and systems administrators have come to place in them.

"People are way more likely to do things like click a Discord link than they would have been in the past, because they’re used to seeing their friends and colleagues posting files to Discord and sending them a link," says Cisco Talos security researcher Nick Biasini. "Everybody’s using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them."

Among the collaboration app exploitation techniques Cisco's researchers are warning about, the most common uses the platforms essentially as a file hosting service. Both Discord and Slack allow users to upload files to their servers and create externally accessible links to those files, so that anyone can click on the link and access the file. In many cases, Cisco found, those files are malicious; the researchers list nine recent remote-access spy tools that hackers have tried to install in this fashion, including Agent Tesla, LimeRAT, and Phoenix Keylogger.

The links don't have to be delivered to victims inside of Slack or Discord. They can also be served up over email, where hackers can far more easily trawl for victims en masse, impersonate a victim's colleagues, and reach users with whom they have no previous connection. As a result, Cisco has recorded a major uptick in the use of those links to deliver malware via email in the past year. "Over the last several months we’ve seen tens of thousands, and the rate has been steadily increasing," says Biasini. "Right now it appears to be peaking."

Security firm Zscaler similarly noted the rise in the technique's use by cybercriminals in research published in February, warning that they'd spotted as many as two dozen malware variants per day, including ransomware and cryptocurrency mining programs, being delivered as fake video games embedded in Discord links. Hackers have also used the technique to plant malware that steals Discord authentication tokens from victims' computers, allowing the hacker to impersonate them on Discord, spreading more malicious Discord links while using a victim's account to cover their tracks.

Aside from exploiting the trust that users place in Slack and Discord links, that technique also obfuscates the malware, since both Slack and Discord use HTTPS encryption on their links and compress files when they're uploaded. And while other methods of hosting malware can be taken offline or blocked when a hacker's server is discovered, the Slack and Discord links are harder to take down or block users from accessing. "Adversaries are most likely going to be affected by things like shutting down a server, shutting down a domain, blacklisting files," says Biasini. "And what they’ve done is figured out a way to break that."

"Everybody’s using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them."

Nick Biasini, Cisco Talos

Aside from hosting their malware in Discord and Slack links, cybercriminals are also using Discord as the command-and-control and data-stealing element in their malware. Discord allows programmers to add "webhooks" to their code that automatically update a Discord channel with information from an application or website. So cybercriminals have exploited that technique to relay information from infected computers back to the command-and-control server that they use to administer a botnet, or even to pull data from a victim's machine back to the server. As with the malicious link technique, that webhook trick hides the malicious traffic in more innocent-looking, encrypted Discord communications, and makes the hacker's infrastructure more difficult to pull offline. (While Slack also offers a similar webhook feature, Cisco says it has yet to see hackers abuse it as they have Discord's.)

When WIRED reached out to Discord and Slack, a Discord spokesperson said that the company does proactively scan for malware in files that are hosted on its platform, takes down any hosted malware that's reported to it by users or security researchers, and seeks to identify groups of users who are abusing its tools for cybercriminal purposes. "We are working to enhance our processes to make it easier to report these types of issues, improve the way these issues are internally routed for faster triaging, and dedicate more resources to proactively identifying this type of abuse," the spokesperson writes. A Slack spokesperson responded with a statement pointing out that since February, Slack has blocked .exe files from being shared via external links and has blocked many other potentially dangerous file types on Slack Connect, which allows users to send messages between Slack installations. Slack says it's also working on more malware protection and link-scanning tools that will roll out this spring.

Aside from pushing Slack and Discord to more effectively scan the files for signs of malware that they host as external links, Cisco's Biasini argues that organizations should consider simply blocking Discord links, given that it's not often used as an authorized collaboration tool inside of enterprise networks. As for organizations who do use Discord and can't block it—or individual users who don't have enterprise-style security policies—he says they should learn to eye Slack and particularly Discord links just as warily as they do any other link that comes from a stranger. "It’s the same old stuff: Don’t click links from people you don’t know. If you don’t know where this came from don’t buy into it. If it sounds too good to be true, it probably is," Biasini says. "If you have never clicked a Discord URL before, don’t start now."


More Great WIRED Stories

Sours: https://www.wired.com/story/malware-discord-slack-links/
  1. 1660 super passmark
  2. Curaleaf florida locations
  3. Math wiki

Tips against spam and hacking

General Spam and Hacking Tips
  • Never click on unfamiliar or unexpected links. If you leave Discord by clicking on a link that takes you elsewhere, it's possible that the external site can access your personal information. We recommend scanning any unfamiliar links through a site checker like Sucuri or VirusTotal before clicking on it. You may also consider running all shortened URLs through a URL expander to ensure you know exactly where you will be directed.
  • Never download unfamiliar files from anyone you don't know or trust.
  • Be careful about sharing personal information. Discord is a great way to meet new friends and join new communities, but as with any online interaction, protect yourself by only sharing personal information with people you know and trust.
  • Discord will only make announcements through our official channels. We do not distribute information secondhand through users or chainmail messages.

If you believe your account has been compromised by another Discord user, submit a report to Trust & Safety here.

Spam

Discord uses a proactive spam filter to protect the experience of our users and the health of the platform. Sending spam is against our Terms of Service. We might take action against any account, bot, or server initiating any of these or similar tactics. If you believe spam originated from Discord, email us immediately at [email protected] If you’re getting unsolicited messages or friend requests, here’s how to change your Privacy Settings.

Here are some specific actions we might investigate and act on for the health of Discord users: 

Direct Message (DM) spam

Receiving unsolicited messages or ads is a bad experience for users. These are some examples of DM spam for both users and bots:

  • unsolicited messages and advertisements
  • mass server invites
  • multiple messages with the same content over a short period of time

Join 4 Join

Join 4 Join is the process of advertising for others to join your server with the promise to join their server in return. This might seem like a quick and fun way to introduce people to your server and to join new communities, but there’s a thin line between Join 4 Join and spam. 

Even if these invitations are not unsolicited, they might be flagged by our spam filter. Sending a large number of messages in a short period of time creates a strain on our service. That may result in action being taken on your account.

Joining many servers, sending many friend requests

While we do want you to find new communities and friends on Discord, we will enforce rate limits against spammers who might take advantage of this through bulk joins or bulk requests. Joining a lot of servers simultaneously, or sending a large number of friend requests might be considered spam. In order to shut down spambots, we take action against accounts that join servers too frequently, or send out too many friend requests at one time. The majority of Discord users will never encounter our proactive spam filter, but if, for example, you send a friend request in just a few minutes to everyone you see in a thousand-person server, we may take action on your account. 

Instead of joining too many servers at once, we recommend using Server Discovery to find active public communities on topics you’re passionate about. 

Servers dedicated to spamming actions

Servers dedicated to mass copy-paste messaging, or encouraging DM advertising, are considered dedicated spam servers.

Many servers have popular bots which reward active messaging. We don’t consider these to be spambots, but spam messages to generate these bot prompts is considered abuse of our API, and may result in our taking action on the server and/or the users who participate in mass messaging. Besides cheating those systems, sending a large number of messages in a short period of time harms the platform. 

Invite rewards servers

Invite reward servers are servers that promise some form of perk, often financial, for inviting and getting other users to join said server.  We strongly discourage this activity, as it often results in spamming users with unsolicited messages. If it leads to spam or another form of abuse, we may take action including removing the users and server.

Bots and Selfbots 

If a bot contacts you to be added to your server, or asks you to click on a suspicious link, please report it to our Trust & Safety team for investigation. 

We don’t create bots to offer you free products. This is a scam. If you receive a DM from a bot offering you something, or asking you to click on a link, report it. 

We understand the allure of free stuff. But we’re sorry to say these bots are not real. Do not add them to your server in hopes of receiving something in return as they likely will compromise your server. If anything gets deleted, we have no way of restoring what was lost. 

Using a user token in any application (known as a Selfbot), or any automation of your account, may result in account suspension or termination. Our automated system will flag bots it suspects are being used for spam or any other suspicious activity. The bot, as well as the bot owner’s account, may be disabled as a result of our investigation. If your bot’s code is publicly available, please remove your bot’s token from the text to prevent it from being compromised. 

Hacking incidents, DDoS attacks 

If you believe your account has been compromised through hacking, here are some steps you can take to regain access and protect yourself in the future.

1. Reset your password. 

  • Choose a long password with a mix of uppercase letters, lowercase letters, and special characters that is hard to guess and isn’t used for anything else. We recommend using a password manager which can make creating and storing secure passwords extremely easy.
  • If your account’s token has been compromised, reset your password to generate a new token. You should never give your account password or token to anyone. Discord will never ask for this information.

2. Turn on Two-Factor Authentication (2FA)

Two-factor authentication (2FA) strengthens your account to protect against intruders by requiring you to provide a second form of confirmation that you are the rightful account owner. Here’s how to set up 2FA on your Discord account. If for some reason you’re having trouble logging in with 2FA, here’s our help article. 

3. DDoS (Distributed Denial of Service) attacks

A distributed denial of service (DDoS) attack floods an IP address with useless requests, resulting in the attacked modem or router no longer being able to successfully connect to the internet. If you believe your IP address has been targeted in a DDoS attack, here are some steps you can take:

  • Reset your router via its manufacturer instructions.
  • Unplug your modem for 5-10 minutes and then plug it back in. This can cycle your IP address to a new one.
  • Contact your internet service provider (ISP) for assistance. Your ISP might also be able to tell you where the attack came from. Please note that Discord does not have this information.
  • If you believe this attack is coming from a user on Discord, please file a report with Trust & Safety.
  • Please note: Discord never shares your IP address with other users. Bad actors might send malicious links such as IP grabbers or other scams in an attempt to get your IP address. Never click on unfamiliar links and be wary about sharing your IP address with anyone.
Sours: https://discord.com/safety/360044104071-Tips-against-spam-and-hacking

.

Hack discord

.

.

You will also be interested:

.



1088 1089 1090 1091 1092