Threat actors are targeting crypto and NFT Discord communities
Malicious actors are abusing the popular chat service with the help of a crypter called Babadeda, which means “Grandma-Grandpa” in the Russian language.
Cybersecurity firm Morphisec was the first to discover the new malware distribution campaign earlier this week.
Criminals typically attempt to cajole users into downloading fake software that imitates popular blockchain games such as “Mines of Dalarnia.”
Based on an HTML object of one of the decoy sites, Morphisec determined that the malware campaign is operated by people from a Russian-speaking country.
Threat actors are impersonating the websites of some of the most prominent companies within the NFT industry, including OpenSea and Larva Labs.
Users who start installing the malware typically see a fake error message, a deception technique, while the installer continues its work in the background.
Cybercriminals are likely to go after victims’ crypto wallets and NFTs.
Discord’s malware problem
It is not surprising that Discord has become a target for threat actors: it is home to plenty of cryptocurrency users, who communicate there via publicly accessible channels or private messages.
It is not just crypto: Sophos revealed that Discord accounted for 4% of all malware downloads as of July.
Earlier this month, Discord shelved its plan to integrate the Ethereum network after facing severe backlash from the anti-crypto segment of its customer base.