Regarding recent hacks going around Discord Communities
Hello everyone,
I hope everyone is safe and sound. We want to make a small post to spread awareness of an ongoing situation in Discord communities. Lately, you or your friends may have noticed a message from a friend or another person asking you to test a game or a program. In this case, the program is called Dragons_Jump. It is not a game; it is a quick snatch-and-grab of your Discord session token, which bypasses your Discord account's 2FA and any other security measures. Think of the Discord session token as a house key that allows entrance to your home, in this case, your account.
So how does this hack work? Upon launch, the malware opens a command prompt window that displays the text “Starting game” and temporarily drops a file named “temp.ps1”. The malware checks what type of Discord you have; if it is Better Discord, the malware will try to uninstall or disable it. It then relaunches Discord to grab the session token.
With Better Discord you have a higher chance of escaping the malware, but keep in mind that Better Discord is against the Discord Terms of Service, so use it at your own risk, and be careful about which plugins and themes you install in it.
When Discord restarts, it will seem at first that nothing has happened. Give it some time, and your account may be compromised and stolen. Once your account has been compromised or stolen, if you have Discord Nitro, contact your bank immediately to block your card, and also contact Discord support to let them know your account has been compromised due to the malware.
However, there is a small antidote for this: you can block the IP address of the malware's server, which is where the data is sent and from where the malware author or the person behind the hijacking can take control of your account. You will need to block the IP 185.174.136.84 in your firewall, whether that is in your router settings, Linux firewall software, Windows Firewall, or other firewall software.
Update: The IP (185.174.136.84) has been fully suspended and terminated. However, the rumor going around is that they are getting a new host; the IP will be updated in this post once any news comes out!
(04.02.2022) Update: One of our staff members got hacked and was attempting to spread the file. After a lot of testing, a new IP has been found for blacklisting: 194.116.228.176.
(YouTube Link how to do it on Windows)
This video shows why Windows Firewall can be useful in these types of cases. It is strongly recommended to keep your Windows Firewall on at all times, since it can provide security to your device.
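As an added example (not part of the original post), the outbound block described above could be set up on Windows from an elevated PowerShell prompt like this. The rule name is a made-up label and the two addresses are the ones given in this post; the script also lists any connections to them that are open right now.

```powershell
#Requires -RunAsAdministrator
# Added example: block outbound traffic to the server addresses named in this post.

$BlockedAddresses = @(
    '185.174.136.84',    # first address given in the post
    '194.116.228.176'    # address added in the 04.02.2022 update
)
$RuleName = 'Block Discord token stealer servers'   # hypothetical display name

# A block rule only helps while the firewall is on, so warn about disabled profiles.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    Write-Warning "Windows Firewall is disabled for the $($_.Name) profile."
}

# Create the rule once; on later runs only refresh its address list.
if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $BlockedAddresses `
        -Action Block -Enabled True
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
        -RemoteAddress $BlockedAddresses -Profile Any | Out-Null
}

# Show which remote addresses the rule now covers.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress

# List connections to those addresses that are open right now, with the owning process.
$open = Get-NetTCPConnection -RemoteAddress $BlockedAddresses -ErrorAction SilentlyContinue
if ($open) {
    $open | Select-Object RemoteAddress, RemotePort, State,
        @{ Name = 'Process'; Expression = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }
} else {
    'No open connections to the blocked addresses.'
}
```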
If you happen to fall for the hack regardless of having used the fix above, it is possible that the hacker is using another IP or that you have fallen for a different hack by a different hacker. You should completely uninstall Discord, clear your browser caches, and then restart your PC; in the worst case, reset your PC by reinstalling the OS (make sure to back up important information and files). On a different device (or on your PC once it has been restarted/reset), change your Discord password as soon as possible, as this will change your Discord token and thus prevent the hacker from being able to access your account.
If you are unsure whether a file you have been sent is from your friend or from a compromised account, ask questions that they and you would know the answer to, such as how you met, or make an inside joke and see if it goes over their head. Better yet, get the individual to pop into VC (voice chat) to ensure it is actually them. Also be mindful if a friend is suddenly able to program despite never having shown any interest in it.
It is recommended to quickly secure your account if you believe it is compromised, as the hacker may use your credit card information to resell Nitro or even possibly sell your Discord account, not to mention further spread the hack to your friends, who may be entirely unaware of this type of hack or just not alert. Something else to be mindful of is sharing personal information over Discord, as this can allow the hacker to further hack other websites/applications you may use. For the same reason, make sure to use different passwords for different sites: if you use the same password across different programs or sites, hackers may try to input it to hack your other accounts.
Material Resources:
https://www.howtogeek.com/781369/psa-if-someone-says-try-my-game-on-discord-say-no/
https://github.com/kem0x/Discord-Trojan-Research
If you have any more questions, feel free to contact me on Discord!
Update: There is a new file named MoveWorldSetup.exe. For absolute safety, just don't open any random executable files that you don't know.