This ransomware will steal your Discord account and encrypt all your files just in case


A new family of ransomware targeting the cryptocurrency community has been detected.

Cybersecurity researchers at Cyble recently discovered a strain they dubbed "AXLocker" which, in addition to the usual encryption of files on the device, also steals the victim's Discord authentication token.

Discord is a communication platform that has been around for a while but recently found new life in the cryptocurrency community: NFT projects, crypto tokens, and similar startups have adopted it as their preferred channel for talking to their users.

48 hours to pay

When a user logs into Discord, the client stores an authentication token on the computer so the user does not have to sign in again on every launch. Anyone who obtains that token can use it to access the account without knowing the password. Because the token represents an already-authenticated session, it also sidesteps two-factor authentication, so a victim who has run AXLocker should treat the account as compromised and change the password, which invalidates existing tokens, rather than relying on 2FA having protected it.

Other than that, AXLocker is nothing out of the ordinary. Once activated, the malware targets specific file extensions and skips certain folders. It encrypts the files with AES but does not change their extensions, so encrypted files keep their normal names, which means a directory listing alone will not reveal what has been hit. It demands payment in cryptocurrency and gives victims 48 hours to comply.
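Because AXLocker leaves file names and extensions untouched, a responder cannot simply look for a ransomware extension. The following triage script is an added example written for this article, not code from Cyble or from the malware: it flags files whose content no longer matches the magic bytes their extension implies, and, for extensions with no known header (plain text, for instance), falls back to a Shannon-entropy check. The magic table, the 7.5-bit threshold, and the sample files are all assumptions constructed here for illustration.

```python
import math
import os
from collections import Counter

# Assumed sample of file headers; a real triage tool would carry a fuller table.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # OOXML documents are zip containers
}

# Assumed threshold: AES output is close to 8 bits/byte, English text is ~4.5.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """True if `data` is inconsistent with the file type its extension claims.

    For extensions with a known header, a missing header means the content was
    rewritten; a present header means the file is intact (zip/jpg are naturally
    high-entropy, so entropy alone would false-positive on them). Extensions
    without a known header are judged on entropy of the first 4 KiB only.
    """
    ext = os.path.splitext(name)[1].lower()
    expected = MAGIC.get(ext)
    if expected is not None:
        return not data.startswith(expected)
    return shannon_entropy(data[:4096]) >= ENTROPY_THRESHOLD


def triage(files: dict) -> list:
    """Return the names of files that look encrypted, in input order."""
    return [name for name, data in files.items() if looks_encrypted(name, data)]


def scan_directory(root: str) -> list:
    """Walk `root` on disk and return suspicious paths (helper for real use)."""
    flagged = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(4096)
            except OSError:
                continue
            if looks_encrypted(path, data):
                flagged.append(path)
    return flagged


# Constructed samples: a deterministic byte cycle stands in for ciphertext
# (entropy exactly 8.0) so the example runs without a key or a real sample.
CIPHERTEXT_LIKE = bytes(range(256)) * 16

SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n" + b"x" * 100,
    "notes.txt": b"Meeting notes: discuss token rotation and backups. " * 20,
    "photo.jpg": b"\xff\xd8\xff\xe0" + CIPHERTEXT_LIKE,   # intact JPEG header
    "invoice.pdf": CIPHERTEXT_LIKE,                        # header overwritten
    "secrets.txt": CIPHERTEXT_LIKE,                        # text gone random
}

if __name__ == "__main__":
    for name in triage(SAMPLE_FILES):
        print("suspicious:", name)
```

Run it against a real tree with `scan_directory("/path/to/user/files")`; the header check is cheap enough to apply to every file, and the entropy fallback only fires for types the table does not know.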

While the NFT and crypto community is used to cyber attacks and criminals going after its digital assets, stealing Discord tokens on the side makes this ransomware that much more dangerous.

After all, if a project owner or developer had their Discord token stolen, scammers could post from that trusted account to launch fake campaigns and steal NFTs and cryptocurrency from community members.

However, according to BleepingComputer, AXLocker's targets so far appear to be primarily consumers rather than project operators.

Cyble gave no information about how AXLocker is distributed. Typically, threat actors use phishing emails, fake landing pages, and social engineering (fake LinkedIn identities, for example) to trick people into downloading and running malware.

Via: BleepingComputer