Malware Campaign Hijacks Old Discord Links To Hack Crypto Users

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Hackers are hijacking expired Discord invite links to trick users into malware infections that steal crypto wallets and bypass browser security tools.

In a rush? Here are the quick facts:

  • Victims redirected to phishing sites through fake Discord verification bots.
  • Malware downloaded from trusted platforms like GitHub and Pastebin.
  • AsyncRAT and Skuld Stealer target crypto wallets and sensitive user data.

According to the Check Point research team, cybercriminals are using expired Discord invite links to lead users to malicious servers, resulting in advanced malware infections.

Attackers hijack former invite links that belonged to trusted communities and use them to send users to imitation Discord servers. The fake servers trick users into downloading dangerous malware, including AsyncRAT and Skuld Stealer, malware that targets cryptocurrency wallets.

The attackers exploit how Discord generates invite links, making use of both its temporary and permanent link capabilities. They claim abandoned links for themselves and use them to set up harmful Discord servers.

In this way, users who click on what appears to be valid invitations from social media or outdated posts are automatically taken to malicious servers controlled by hackers.
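For community owners, one defensive check that follows from the hijacking described above is to audit every invite link they have published and confirm it still resolves to their own server. This is an added example, not code from Check Point or Discord; it assumes Discord's public invite lookup endpoint and its `guild.id` and `expires_at` fields, and the invite codes, guild IDs and sample responses are constructed.

```python
import json
import re
import urllib.error
import urllib.request

INVITE_RE = re.compile(
    r"(?:https?://)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)")

def invite_code(link):
    """Extract the invite code from a discord.gg or discord.com/invite link."""
    m = INVITE_RE.search(link)
    return m.group(1) if m else None

def classify(invite, expected_guild_id):
    """Classify one lookup result (parsed JSON, or None if the code is unknown)."""
    if invite is None:
        return "DEAD"        # no longer resolves: stop publishing this link
    guild = invite.get("guild") or {}
    if guild.get("id") != expected_guild_id:
        return "HIJACKED"    # resolves, but to a server that is not ours
    if invite.get("expires_at"):
        return "EXPIRING"    # still ours, but temporary: replace before it lapses
    return "OK"

def fetch_invite(code):
    """Look up an invite via the public API; None when it no longer exists."""
    url = f"https://discord.com/api/v10/invites/{code}"
    req = urllib.request.Request(url, headers={"User-Agent": "invite-audit-example"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def audit(links, expected_guild_id, lookup=fetch_invite):
    """Map each published link to a status; `lookup` is injectable for offline use."""
    report = {}
    for link in links:
        code = invite_code(link)
        report[link] = ("NOT_AN_INVITE" if code is None
                        else classify(lookup(code), expected_guild_id))
    return report

# Constructed sample responses (not real invites or guild IDs), keyed by code.
SAMPLE = {
    "ourcommunity": {"code": "ourcommunity", "guild": {"id": "111"}, "expires_at": None},
    "oldpromo": {"code": "oldpromo", "guild": {"id": "999"}, "expires_at": None},
    "event2024": {"code": "event2024", "guild": {"id": "111"},
                  "expires_at": "2030-01-01T00:00:00+00:00"},
}
```

Calling `audit(links, "111", lookup=SAMPLE.get)` runs the check offline against the constructed responses; omitting `lookup` queries Discord directly.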

Inside these fake servers, users encounter a bot called “Safeguard” that presents a fake verification process. After users initiate the verification process, they access a phishing website, which runs a dangerous PowerShell command.

The command retrieves malicious software from GitHub, as well as Bitbucket and Pastebin platforms, in order to make the operation blend in with standard web traffic.

The malware executes multiple stages to evade detection systems. A GitHub link serves as the first download target for a PowerShell script. The loader retrieves the encrypted malware from Bitbucket before decrypting it for installation on the user’s computer system.

The final payloads—AsyncRAT and Skuld Stealer—enable attackers to remotely control systems and steal important information, including user credentials and crypto wallet details from the Exodus and Atomic applications. The malware implements timed delays, up to 15 minutes, to evade automated security systems.

Additionally, the cyberattackers discovered a method to circumvent the protection provided by Google Chrome’s App Bound Encryption for cookies. The attackers modified ChromeKatz to enable direct extraction of login cookies from Chrome, Edge, and Brave browser memory.

The attacks have targeted users in the United States, Vietnam, France, Germany, and other countries. The attackers seem to target cryptocurrency users because their malware specifically targets wallet credentials and recovery phrases.

The researchers believe cybercriminals will develop new methods despite Discord disabling the specific bot used in this campaign. Users should protect themselves from such attacks by avoiding outdated Discord invites, while being cautious about verification requests and maintaining current antivirus software.

FBI Warns Of Rise In Scam Texts Impersonating U.S. Officials

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The FBI confirms a 700% rise in scam texts impersonating officials, urging users to delete messages.

In a rush? Here are the quick facts:

  • Scam texts surged over 700% in early June targeting U.S. smartphone users.
  • FBI confirms scammers impersonate senior U.S. officials using text and AI voice messages.
  • Resecurity warns one actor can send 2 million scam texts daily.

The FBI has released a national warning about increasing fraudulent text and voice messages that target smartphone users, instructing them to remove any suspicious messages, particularly those that pretend to be from government agencies.

The new wave of scams combines AI voice synthesis with SMS “smishing” techniques to impersonate senior U.S. officials in order to steal sensitive data and install malware.

The number of scams has increased by more than 700% since April 2025, as scammers impersonate DMV agencies, senior government officials, and made-up departments, as reported by Forbes.

The FBI took action because DMV-themed scam texts increased by 773% during early June, as noted by Forbes. The fake websites in these messages require users to provide credit card details while simultaneously spreading malicious software.

Supervisory Special Agent David Palmer of FBI Tennessee confirmed that cybercriminals behind unpaid toll scams have “pivoted to the DMV scam,” stating that clicking links can “put malware on your phone […] steal information from your device, or collect your payment information,” as reported by WREG.

The FBI reports that AI-generated “vishing” calls impersonate U.S. officials to gain access to personal accounts through a parallel scamming operation. The initial part of these attacks requires victims to move to different platforms before scammers obtain sensitive information or malicious files from victims.

The messages contain specific targeting features, which include stolen images, deepfake audio, and names that have minor modifications to create a believable impression.

Forbes reports that security analysts predict that one threat actor can distribute 2 million scam messages daily, which would reach every American at least twice throughout the year.

The FBI recommends users check the authenticity of unfamiliar contacts, refrain from following suspicious links, and maintain the secrecy of two-factor authentication codes.

“If you don’t know who [a text] is from, don’t click the link,” Palmer emphasized, as reported by Forbes. For safety, users should report suspicious messages and confirm official contacts independently.