Warning for those using Discord
Several Discord Communities have been abusing it's features to RAT players. If you do not know the servers owner personally, I would advise to not join their server. Recently a Data dump on past...
Forum Discussion
@RichAC wrote:
@warslag wrote:
@RichAC wrote:
@warslag wrote:Thanks for sharing this information. Seems a bit bonkers though to be honest. 🤨
This is common and not surprising. I would take the advice. I got stories that would blow your mind though.
As long as those stories don't involve a fake beard, a tub of yoghurt and a cucumber.
over my head...
No clue here ether. Though Google comes up with some interesting recipes.
Bumping back to page 1. Last bump was 24 hours ago.
Please note, that even if you suspect your account has been hijacked via nefarious means, does not mean it will necessarily get unbanned. You will need to contact support, and plead your story to them. Only support can review your account and take any needed actions. No one on the forums is able to assist you with this issue.
Can you provide any sources relating to the claim that Discord is inherently flawed or insecure?
Genuinely curious as I've only seen you talking about it.
@the_ambieneer wrote:Can you provide any sources relating to the claim that Discord is inherently flawed or insecure?
Genuinely curious as I've only seen you talking about it.
Here's a small list of examples. Do note, these are some of the more common, and more visible methods. The hidden methods, or API methods have been left out for obvious reason. Nor does it cover using Discord as an Injector.
https://bestsecuritysearch.com/hackers-use-discord-app-deliver-malware/
https://www.2-spyware.com/remove-discord-virus.html
https://www.reddit.com/r/discordapp/comments/7fkpho/discord_accounts_being_hacked_and_sending_out/
https://www.pcrisk.com/removal-guides/13314-discord-trojan-virus
https://www.virusresearch.org/remove-discord-rat-trojan/
https://www.scmagazineuk.com/hackers-sow-discord-among-gamers/article/1476088
Just to list a few. And again, this is only for the more visible methods, the more nefarious methods wont be linked as you can do your own research.
Thank you for taking the time to reply.
Although, this doesn't seem any different than the way things happened back in the IRC days. Each of these articles seems to allude to the fact that attackers are just leveraging Discord to trick people rather than Discord being inherently flawed. This is not to say you're wrong for warning people, just that Discord as a service is NOT the culprit.
Your post is a good reminder for people to be aware of what they click on, but I don't think people need to avoid the platform altogether.
I agree with @the_ambieneer
Just use common sense online and don't click any suspicious links in general.
If they really want to hack a account they will succeed, no mater how hard you protect your account.
If you find any rule breaking action on discord (Discord user agreement).
This includes all forms of harassment & Cyber Crime.
Report this to there Trust & Safety Team
@the_ambieneer wrote:Thank you for taking the time to reply.
Although, this doesn't seem any different than the way things happened back in the IRC days. Each of these articles seems to allude to the fact that attackers are just leveraging Discord to trick people rather than Discord being inherently flawed. This is not to say you're wrong for warning people, just that Discord as a service is NOT the culprit.
Your post is a good reminder for people to be aware of what they click on, but I don't think people need to avoid the platform altogether.
As I said, these are just some of the more common visible methods. There are plenty others however:
@Zeelmaekers wrotedon't link any suspicious links in general.
I'd also rather not promote the other means.I'm quite interested in the security of the platform, as I use it frequently. You mention that there are "other" methods.
Have any of these been reported? If so, where are the details? Are there any relevant CVE's I should look at?
You can inform people about security concerns without "promoting" them.
meant click :3
Eddited my mistake.
I been using a pc since 1995, everything i read here so far have been used already back then, nothing changed.
One thing though is that just as back then, even today there is people who fall for thees tricks and i believe it is good to keep the awareness.
I would not say discord is the flaw here, it is the users who use discord.
I could blame google for being flawed, as some time ago in another online game i joined an event.
I was told to download an older version of ventrilo or teamspeak to be enable to join the voice chat.
So i did it by using google to search for the older version but they had done something so the first link looked like the real site but was actually a fake with a virus infected client.
So keep in mind that every time you download anything, use common sense and think twice.
Keep an eye out of anything that looks strange.
Before you click on any links, try throwing the url on google, dont open any of the hits you get but read the text under it, this saved my so many times from virus infected url.
@Fitcher86 wrote:I been using a pc since 1995, everything i read here so far have been used already back then, nothing changed.
One thing though is that just as back then, even today there is people who fall for thees tricks and i believe it is good to keep the awareness.
I would not say discord is the flaw here, it is the users who use discord.
I could blame google for being flawed, as some time ago in another online game i joined an event.
I was told to download an older version of ventrilo or teamspeak to be enable to join the voice chat.
So i did it by using google to search for the older version but they had done something so the first link looked like the real site but was actually a fake with a virus infected client.
So keep in mind that every time you download anything, use common sense and think twice.
Keep an eye out of anything that looks strange.
Before you click on any links, try throwing the url on google, dont open any of the hits you get but read the text under it, this saved my so many times from virus infected url.
Yes nothings changed. And nothing ever will until people change. Unfortunately people have only gotten worse.
You really have to trust who is running the discord server. Who is the admin, that is the guy with the most power in any service. As jungle eluded to the api can be abused. So thats why I always say only go to discord servers you know are being run by reputable people. And even then you are still taking a risk that they weren't compromised without their knowledge, since they are probably bigger targets.
And unlike in 1995, its not just what you click on nowadays. You won't only get viruses from porn pages, you get them from everywhere, without any user interaction necessary. So be careful of what you click, and what servers you join period.
I mean its so bad nowadays thats one reason why private dedicated servers have become a thing of the past.
as for clicking links definitely don't click anything without https. and copy and paste to the browser. don't actually click it.if interested in making your computer more secure check https://www.hardenwindows10forsecurity.com/
@the_ambieneer wrote:I'm quite interested in the security of the platform, as I use it frequently. You mention that there are "other" methods.
Have any of these been reported? If so, where are the details? Are there any relevant CVE's I should look at?
You can inform people about security concerns without "promoting" them.
here is an example. trendlabs has been working with discord to remove bad hosts.
Last tip in the article is hilarious to me "Always view messageboard posts, especially those asking you to try out cheat applications, with heavy skepticism"
My first thought when people complain about crashes and all these problems with their pc, is what kind of crap did they install on it lol...
I never crashed once in apex and my system isn't super high end. But I also don't install anything bootleg on my pc at all. Makes you wonder.There isn't really a link I can post without breaking the forum rules.
And I guess submitting a screenshot with a bunch of info blacked out would probably looks just as fishy.
The one thing I can inform you of, without the how to, or any technical information would be this:
Discord on it's own, just the standard program creates a DATA package of all it's users. Discord has constantly changed what they claim to be in this package, there current version is listed on this page: https://support.discordapp.com/hc/en-us/articles/360004957991-Your-Discord-Data-Package
You are freely allowed to request your "Modified" Data pack from Discord, which takes them a bit of time to EDIT before the give it to you.
However these DATA PACKS are freely available on some listed, and many non listed sites, and contain a LOT, I really mean A LOT, more information than Discord claims to have. Things like Paypal, Credit Cards, Emails, etc... have all been found withing these files.
You can basically assume that if Discord is installed, you are being Key logged. In it;s early days, Discord was so lazy, they even used a known Key logger rather then making there own integrated one, which they eventually switched to. In the early days, many Anti Virus programs picked up on this Key logger:
And yes Discord claims they do not Key log, however the unmodified End User Data Packs tend to prove otherwise.
For example this report which I've blacked some information on for obvious reasons:
This is just one of the issues with Discord, which they claim they don't do, then do do, then partially do, then don't do, then partially do etc... The rest I can't really go into detail with without giving to much information. However if you are really that concerned, it shouldn't take to much digging to find.
Nor does it cover BOTs, which anyone can freely edit or create for another list of headaches.
@RichAC wrote:
My first thought when people complain about crashes and all these problems with their pc, is what kind of crap did they install on it lol...
There could be a ton of reasons why someone may be crashing. In most cases I've been able to help with, it's generally because of Firewalls, old Drivers, or Windows needing to be updated.There are probably some cases where software conflicts may be the culprit, due to hidden processes, or conflicting processes. Though you can't really generalize it to what kind of crap they installed on it, especially when some people do a clean reformat, and still run into issues.
I understand where you are coming from though. If you install something sketchy, you don't know exactly what changes you are allowing it to make, thus resulting in larger potential for a compromised system.
@Jungle-Beard wrote:
@RichAC wrote:
My first thought when people complain about crashes and all these problems with their pc, is what kind of crap did they install on it lol...
There could be a ton of reasons why someone may be crashing. In most cases I've been able to help with, it's generally because of Firewalls, old Drivers, or Windows needing to be updated.There are probably some cases where software conflicts may be the culprit, due to hidden processes, or conflicting processes. Though you can't really generalize it to what kind of crap they installed on it, especially when some people do a clean reformat, and still run into issues.
I understand where you are coming from though. If you install something sketchy, you don't know exactly what changes you are allowing it to make, thus resulting in larger potential for a compromised system.
Keeping drivers up to date is always a good idea. Especially video drivers. Windows usually updates itself. So if it isn't updating, they borked their pc somehow. Probably by installing bad software. And I doubt firewall issues are most users problems. More like poor isp problems.
I have a strict firewall, I get a lost connection error every time I leave the game. I just ignore it, it affects nothing. I also can't bring up the server list unless I make the firewall even more strict.
Most people I've run into that crash, are too stubborn to lower graphics settings because they have high end pc's. Or because they install bootleg software on their pc like most gamers and wannabe hackers do. This has always been the case as long as I can remember.
I was just watching some random apex stream the other day. The dude crashes, I ask him if he lowered the settings. he tells me he shouldn't have to with his rig. So se la vie... que sera sera... can't help most of these people.
Being these are the dumbest gamers I've ever seen in my life, I'm not surprised all the complaints about crashes and hackers. The amount of people with legitimate gripes is very low imo.just don´t press on links, just don´t.
@HenxFTW wrote:just don´t press on links, just don´t.
In 2019, user action is not even necessary to be compromised. Just visiting a bad page can infect your pc without your interaction. Also don't download bootleg software, and even be skeptical of free software.
The less software you install on your pc the better period. Less attack vectors and less chance for conflicts.
Also in 2019, DON"T USE A VIRUS SCAN. They do more harm then good. They ruin your game performance and are just attack vectors themselves. Just use the one built into windows.
@RichAC wrote:
@HenxFTW wrote:just don´t press on links, just don´t.
In 2019, user action is not even necessary to be compromised. Just visiting a bad page can infect your pc without your interaction. Also don't download bootleg software, and even be skeptical of free software.
The less software you install on your pc the better period. Less attack vectors and less chance for conflicts.
Also in 2019, DON"T USE A VIRUS SCAN. They do more harm then good. They ruin your game performance and are just attack vectors themselves. Just use the one built into windows.is that so? didn´t know. i´ll blame my old age wich make gandalf young 😉
although i ment in Discord 🙂
- Yikes! I feel like to read this thread you must have a degree in computer programming. I'm glad I play on console!
@wrightjist wrote:
Yikes! I feel like to read this thread you must have a degree in computer programming. I'm glad I play on console!The sad part is, this is just basic level stuff. If I where to break down the Bots and API's it would get a lot more complicated.
Discord isn't just for PC ether, there is a Web Client and Mobile Client as well, that are equally as bad.
@HenxFTW wrote:
@RichAC wrote:
@HenxFTW wrote:just don´t press on links, just don´t.
In 2019, user action is not even necessary to be compromised. Just visiting a bad page can infect your pc without your interaction. Also don't download bootleg software, and even be skeptical of free software.
The less software you install on your pc the better period. Less attack vectors and less chance for conflicts.
Also in 2019, DON"T USE A VIRUS SCAN. They do more harm then good. They ruin your game performance and are just attack vectors themselves. Just use the one built into windows.is that so? didn´t know. i´ll blame my old age wich make gandalf young 😉
although i ment in Discord 🙂
Yes same goes for discord. Obviously more rare, but yes its possible you just connect to their server and boom you compromised. But we take chances with everything we do on pc and we can't live like monks. So I just recommend going to reputable servers.
@HenxFTW wrote:is that so? didn´t know. i´ll blame my old age wich make gandalf young 😉
although i ment in Discord 🙂
When it comes to this type of stuff, even a years time is long enough to get outdated. Everything moves insanely fast when it comes to software.Even when warned about it, people are still connecting to random servers, getting banned and posting "I got banned for no reason" threads.
You got banned for a reason, the reason being you just gave all your information up by joining [removed by Admin] or [ Removed by Admin] server.
That's right, you joined the server seeing it promoted all over the forums, and just got jacked. Next time head when someone tries and warns you. 😎
( Wow, can't even list servers without getting an admin edit ☹️ And yet they promote it on the same Apex Forums )
Most of the hacks use HWID spoofing. At some point, some poor souls who have the same HWID as a spoofed account using hacks is gonna get banned.
Community Highlights
- EA_Mako3 months ago
Community Manager
