Cybercriminals have been leveraging the simple KurayStealer password-stealing malware builder to launch attacks targeted at Discord users, Threatpost reports.
KurayStealer was observed by Uptycs threat analysts to replace the "api/webhooks" string in BetterDiscord with "Kisses" to establish webhooks, which would then enable the malware to begin searching for tokens, passwords, IP addresses, and other data in Google Chrome, Microsoft Edge, Discord, and other applications.
Threat actor Portu, who has been advertising the malware builder on Discord, announced in late April the beginning of a new ransomware program, which prompted researchers to conclude that KurayStealer malware authors may be developing newer password stealers and malware.
"Our research on KurayStealer backed with OSINT highlights the rise in prevalence of password stealers using Discord tokens as a C2 for harvesting the victims' credentials. Enterprises must have tight security controls and multi-layered visibility and security solutions to identify and detect such attacks," the researchers said.
Discord Webhooks used by novel KurayStealer malware builder