A dangerous ransomware is currently targeting Discord users. Unfortunately, the latter is not content to steal the victims’ data in order to make them pay a ransom. He is also able to take over their accounts, only to cause even more damage to the platform.
Due to its growing popularity, Discord has recently become a real nest of pirates. Navigating through the different servers can be very dangerous for the most careless users. Proof of this is a new ransomware spotted by the Cyble teams, which differs slightly from its congeners in a particularly dangerous feature: it can take control of an account.
Called AXLocker, the ransomware works more or less like the rest of its kind: it encrypts the data of the PC on which it is installed, then displays a notification window to warn the victim that his data is in the possession of hackers. To recover them, you must of course pay a ransom within 48 hours, at the risk of seeing everything deleted. But what the hackers don’t say is that they can also take over the victim’s account.
On the same subject: The CNIL fines Discord €800,000 for non-compliance with the GDPR
This terrible ransomware is rampant on Discord
Indeed, when a user connects to Discord, the application generates a token which is then stored on his PC. This token contains all the authentication information necessary to recover his account, or to execute commands capable of exfiltrating data relating to the user. It is therefore this token that AXLocker seeks to steal.
As Bleeping Computer notes, Discord has become the platform of choice for all cryptocurrency and NFT enthusiasts. Taking control of one of its accounts therefore allows hackers to distribute scams en masse that could cost their victims dearly. If AXLocker has taken your data, we strongly recommend that you immediately change your password, which will make the token unusable by hackers.
Source: Cyble