Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

The code decrypts a series of scripts that establish communication with a GitHub repository to download the final-stage payload, which leverages Discord webhooks to exfiltrate victim data.

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators.

Creator Rob Laughter shared on Reddit that if you install and use ComfyUI_LLMVISION, your browser passwords, credit card information, and browsing history will be sent to a Discord server via webhook.

Threat actors are leveraging some incredibly useful features of Discord for malicious things, such as malware staging and data exfiltration.

The client then uses a Discord webhook to send the user's email address, login name, user token, plain text password and IP address to a Discord channel controlled by the attacker.

Named discord.dll, the malicious JavaScript library is still available via npm, a web portal, command-line utility, and package manager for JavaScript programmers.

The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users' browser and Discord application.