The code decrypts a series of scripts that establish communication with a GitHub repository to download the final-stage payload, which leverages Discord webhooks to exfiltrate victim data.

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators.

Creator Rob Laughter shared on Reddit that if you install and use ComfyUI_LLMVISION, your browser passwords, credit card information, and browsing history will be sent to a Discord server via webhook.

Threat actors are leveraging some incredibly useful features of Discord for malicious things, such as malware staging and data exfiltration.

A vulnerability in Discord invites can be leveraged as part of a "multi-stage payload delivery" system.

Named discord.dll, the malicious JavaScript library is still available via npm, a web portal, command-line utility, and package manager for JavaScript programmers.

The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users' browser and Discord application.