Discord Invite Links Hijacked to Spread Malware
Security researchers have uncovered a new malware campaign targeting crypto users through Discord—and it’s sneakier than most. Attackers are exploiting a quirk in Discord’s invite system to redirect users to malicious servers, where they’re hit with info-stealing malware like Skuld and AsyncRAT.
According to a report from Check Point, the hackers register vanity invite links—those custom, easy-to-remember URLs—to reroute unsuspecting users. The scary part? Even old, expired invite links shared on forums or social media can be hijacked. A link that once led to a legitimate server might now drop you into a trap.
How the Scam Works
The attackers use a mix of phishing tricks and multi-stage malware loaders to stay under the radar. Victims are lured into joining what looks like a normal Discord server, then asked to “verify” their identity. That’s where things go wrong. A bot directs them to a fake website, and before they know it, their system’s infected.
What’s unsettling is how simple the flaw is. Discord doesn’t let servers reclaim expired or deleted invite links—unless you’re using a custom vanity link. In those cases, old invite codes can sometimes be reused. Criminals are snatching them up, turning trusted links into weapons.
What the Malware Does
Once inside, the malware gets to work. Skuld, for instance, targets Exodus and Atomic crypto wallets, swiping seed phrases by injecting trojan-laced files. There’s also a Goland-based info-stealer pulling data from browsers, Discord, and even gaming platforms.
Check Point found another twist—the same group was spreading malware disguised as a tool for unlocking pirated software. That one’s been downloaded hundreds of times, mostly hitting users in the U.S., France, and the U.K.
A Growing Problem
This isn’t Discord’s first rodeo with scams. Last month, a similar phishing campaign used expired vanity links to drain crypto wallets. The platform’s invite system, meant for convenience, is becoming a weak spot.
Researchers warn that users should be wary of any Discord links, even from sources they trust. If a server asks for verification out of the blue, it’s probably a trap. And maybe—just maybe—double-check that invite before clicking.
