Cybercriminals use Discord to spread the SYK Crypter

May 24, 2022

Threat actors were spotted exploiting the Discord platform to propagate SYK Crypter. The popularity of social media sites and chat platforms has drawn the attention of many malware developers, resulting in multiple threats that target this part of the internet.

Researchers highlighted the malware’s capabilities, including bypassing behaviour-based and signature-based cybersecurity controls on the targeted system.

Additionally, the attack chain shows the maturity of the threat actors when it comes to abusing Discord’s content delivery network (CDN). This new threat campaign targeted organisations across numerous sectors with phishing emails.

For their attack strategy, the threat actors present the malware as a purchase order, using file names such as “Purchase Order[.]exe”, “New_Order_*[.]exe” and “AMAZON_ORDER*PDF[.]ex”. These names can lure in new victims since purchase orders are the main subject of the phishing emails used by the threat actors.

The attack process has two primary components: a standard .NET loader and the new SYK Crypter, which is written as a .NET crypter.

If a victim accesses the link in a phishing email, SYK Crypter then delivers multiple malware strains, including AsyncRAT, NanoCore RAT, RedLine Stealer, WarzoneRAT, QuasarRAT, and njRAT.
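A defender-side check for the two indicators the article names, delivery through Discord's CDN and the purchase-order file names, written as an added example that is not from the article or the researchers. The CDN hostnames, the executable-extension list and the log format are assumptions, and the sample log lines are constructed.

```python
import fnmatch
from urllib.parse import urlsplit, unquote

# Discord CDN hostnames (assumption: the article names the CDN but not its hosts).
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Lure names from the article, re-fanged and lower-cased. The last one is kept
# as printed (".ex"); the trailing wildcard is an assumption so ".exe" matches.
LURE_PATTERNS = ["purchase order.exe", "new_order_*.exe", "amazon_order*pdf.ex*"]
# Extensions treated as executable content (assumption, extend as needed).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat")

def classify(url):
    """Return the list of reasons why a requested URL deserves review."""
    parts = urlsplit(url.replace("[.]", "."))  # accept defanged input too
    host = (parts.hostname or "").lower()
    # Decode %20 etc. before taking the last path segment as the file name.
    name = unquote(parts.path).rsplit("/", 1)[-1].lower()
    reasons = []
    if any(fnmatch.fnmatchcase(name, p) for p in LURE_PATTERNS):
        reasons.append("lure-filename")
    if host in DISCORD_CDN_HOSTS and name.endswith(EXEC_EXTS):
        reasons.append("executable-from-discord-cdn")
    return reasons

def scan(log_lines):
    """Yield (client, url, reasons) for every proxy log line that matches."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines instead of failing the whole scan
        client, url = fields[1], fields[2]
        reasons = classify(url)
        if reasons:
            yield client, url, reasons

# Constructed sample log, "<timestamp> <client> <url>"; all values are made up.
SAMPLE_LOG = [
    "2022-05-24T09:01:11Z 10.0.0.21 https://cdn.discordapp.com/attachments/111/222/New_Order_8841.exe",
    "2022-05-24T09:02:40Z 10.0.0.35 https://cdn.discordapp.com/attachments/111/333/team-photo.png",
    "2022-05-24T09:05:02Z 10.0.0.35 https://files.example.test/dl/Purchase%20Order.exe",
    "2022-05-24T09:07:19Z 10.0.0.48 https://cdn.discordapp.com/attachments/111/444/setup.exe",
    "garbage",
]

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

File-name matching alone is easy to evade by renaming, so the CDN rule flags any executable served from the Discord hosts regardless of its name.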

 

The SYK Crypter operator has taken advantage of the popularity of the Discord chat platform.

 

The popularity and growth of chat communities have attracted numerous threat actors, resulting in the development of many crypters, notably SYK Crypter. Since the Discord platform became a common ground for exchanging ideas, it also became a platform for malware propagation.

For now, cybersecurity experts suggest that government sectors and organisations employ a zero-trust architecture instead of relying on a static anti-malware solution based on standard, expected behaviours or signatures. Above all, users of Discord and other chat platforms should stay alert for phishing messages and practise better internet hygiene.
