Security News > 2022 > November > New ransomware encrypts files, then steals your Discord account

New ransomware encrypts files, then steals your Discord account
2022-11-20 15:07

The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users.

When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer.

As Discord has become the community of choice for NFT platforms and cryptocurrency groups, stealing a moderator token or other verified community member could allow threat actors to conduct scams and steal funds.

Researchers at Cyble recently analyzed a sample of the new AXLocker ransomware and discovered that it not only encrypts files but also steals a victim's Discord tokens.

When executed, the ransomware will target certain file extensions and exclude specific folders, as shown in the image below.

If you find that AxLocker encrypted your computer, you should immediately change your Discord password, as it will invalidate the token stolen by the ransomware.


News URL

https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/