Why You Should Never Click Old Discord Invite Links

If you received a Discord invite link but never used it to join the server, don’t click it weeks or months later. As reported by Bleeping Computer, hackers have been reusing expired or deleted Discord invite links to deliver malware, including infostealers and keyloggers.

How Discord Links Spread Malware

The malware campaign, discovered by Check Point Research, exploits a vulnerability in how Discord handles invite links, which can be temporary, permanent, or, for paid servers with a Tier 3 promotion status, customizable.

URLs for joining regular Discord servers are randomly generated and are unlikely to ever be repeated, but custom invite links, as well as expired temporary invite links and deleted permanent invite links, can be claimed and reused. Discord also allows uppercase invite codes to be reused in lowercase invite links as long as the original is still active.

This means that hackers can redirect users to malicious servers via links originating from legitimate Discord communities. These links are distributed on social media and official community websites.

When the user clicks on the stolen link, they are taken to a Discord server that appears to be genuine and asks them to verify their identity to unlock access. The verification link launches a ClickFix web page that indicates that the (fake) CAPTCHA has failed to load and prompts the user to “verify” manually by running a Windows command. This runs a PowerShell script that downloads and installs the malware.

The payload itself can include malware such as AsyncRAT, Skuld Stealer, and ChromeKatz, which allow keylogging, webcam or microphone access, and information theft to collect browser credentials, cookies, passwords, Discord tokens, and/or cryptocurrency wallet data.

According to Check Point’s analysis, the malware has numerous features that allow it to evade detection by antivirus tools. The report also notes that while Discord has taken steps to mitigate this particular campaign, there is still a risk of similar bots or alternative delivery methods emerging.

How to Avoid Malicious Discord Links

First of all, be wary of old Discord invite links, especially those posted on social media or forums weeks or months ago. (Discord’s temporary invite URLs can be set to expire in 30 minutes or up to seven days by default.) Don’t click on links from users you don’t know or trust, and request a new invite instead of relying on an old one.

You should be careful when dealing with verification requests, especially those that ask you to copy and run manual commands on your device. ClickFix attacks using fake CAPTCHA requests are common, and any verification that asks you to execute a Run command is not legitimate.

If you run a Discord server, use permanent invite links, which are harder to steal and repurpose than temporary or custom URLs.
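Server owners can also audit the invite links their community has already published. The Python below is an added example, not code from Discord or Check Point; it assumes each code has already been looked up and that the result carries `guild.id` and `expires_at` (or is `None` when the code no longer resolves). All codes and guild IDs in it are constructed.

```python
from datetime import datetime, timezone

def audit_invites(published, resolved, now):
    """Return {code: [(tag, detail), ...]} for every published invite code.

    published: {code: expected guild id} for links the community has posted.
    resolved:  {code: invite object, or None if the code no longer resolves}.
               Assumed shape: {"guild": {"id": ...}, "expires_at": ISO-8601 or None}.
    """
    report = {}
    for code, expected_guild in published.items():
        findings = []
        invite = resolved.get(code)
        if invite is None:
            # Expired or deleted codes are the ones the article says can be claimed.
            findings.append(("UNRESOLVED", "expired or deleted; take the link down"))
        else:
            guild_id = (invite.get("guild") or {}).get("id")
            if guild_id != expected_guild:
                findings.append(("GUILD_MISMATCH",
                                 f"resolves to guild {guild_id}, expected {expected_guild}"))
            expires_at = invite.get("expires_at")
            if expires_at:
                when = datetime.fromisoformat(expires_at.replace("Z", "+00:00"))
                hours = (when - now).total_seconds() / 3600
                findings.append(("TEMPORARY", f"expires in {hours:.0f} h; replace it"))
        if code != code.lower():
            # Per the article, the lowercase form of an active code can be reused.
            findings.append(("CASE_VARIANT", f"lowercase form '{code.lower()}' is reusable"))
        report[code] = findings
    return report

# Constructed sample data: made-up codes and guild ids, not real invites.
NOW = datetime(2025, 6, 20, 12, 0, tzinfo=timezone.utc)
PUBLISHED = {"gamedevhub": "1001", "Xy7KpQ2a": "1001", "oldpromo": "1001", "h4q9z2m7": "1001"}
RESOLVED = {
    "gamedevhub": {"guild": {"id": "6660"}, "expires_at": None},  # points elsewhere now
    "Xy7KpQ2a": {"guild": {"id": "1001"}, "expires_at": "2025-06-21T12:00:00+00:00"},
    "oldpromo": None,                                             # no longer resolves
    "h4q9z2m7": {"guild": {"id": "1001"}, "expires_at": None},    # permanent, correct guild
}

if __name__ == "__main__":
    for code, findings in audit_invites(PUBLISHED, RESOLVED, NOW).items():
        print(code, findings or "ok")
```

Any code that comes back with a finding should be removed from websites and social posts and replaced with a fresh permanent invite.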
