There is a new ransomware family called AXLocker that is not only encrypting victims’ files and demanding a ransom payment, but also stealing infected users’ Discord accounts.
This threat encrypts your data and steals Discord
When a user logs in to Discord with their credentials, the platform sends back a user authentication token that is stored on the computer. This token can then be used to log in as the user or to issue requests that retrieve information about the associated account.
Threat actors often try to steal these tokens because they allow them to take over accounts or, even worse, abuse them for further malicious attacks.
As Discord has become a community of choice for NFT platforms and cryptocurrency groups, successful attacks on this platform can earn criminals good amounts of money.
Investigators from security firm Cyble recently analyzed a sample of the new AXLocker ransomware. They found that it not only encrypts files but also steals Discord tokens.
As ransomware goes, there’s nothing particularly sophisticated about the malware.
When run, it targets certain file extensions and excludes specific folders.
Finally, victims receive a pop-up window containing the ransom note, which informs them that their data has been encrypted. It also explains how to contact the author and get a decryptor.
When this happens, victims have 48 hours to contact the attackers, but the ransom is not mentioned in the notice.
While this ransomware is clearly targeting consumers rather than businesses, it can still pose a significant threat to larger communities.
Therefore, if you find that AXLocker has encrypted your computer, you should immediately change your Discord password.
While this may not help you recover your files, it will prevent further compromise of your accounts, data and the communities you are involved in.