Discord Archives – Gridinsoft Blog

Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

Thu, 30 May 2024 17:37:34 +0000

CAPTCHA in Discord Asks Users to Find Non-Existent Objects Created by AI
https://gridinsoft.com/blogs/captcha-in-discord-and-ai/
Mon, 29 May 2023 09:51:36 +0000

Users complain that the Discord CAPTCHA provided by hCaptcha forces them to look for non-existent, AI-generated objects in the photos it shows. One example is an object called “Yoko”, which looks like a hybrid of a snail and a yo-yo; it was invented and created by AI and does not exist in reality.

We have also written that GPT-4 tricked a person into solving a CAPTCHA for it by pretending to be visually impaired, and that a new hCaptcha bypass method may not affect Cloudflare’s security.

Discord CAPTCHA Created by AI Confuses Users

According to Vice Motherboard journalists, several people complained on social networks at once about the strange object Yoko, which they had to find among other photos in order to enter Discord.

At the same time, other users found that they were asked to find images of a puzzle cube, which was also created by artificial intelligence and did not look too much like a real-life object. In addition, all the objects in the task look like they came straight from the Uncanny Valley.

CAPTCHAs for Discord are provided by hCaptcha, and Discord representatives told reporters that the technology that generates these prompts “is the property of a third party partner and Discord does not directly determine what will be presented to users”. In turn, representatives of hCaptcha explained that what happened was “a short test that a small number of people saw.” Since hundreds of millions of users use the technology in total, even this “brief test” resulted in the tweets shown above.

The publication notes that hCaptcha positions itself as a privacy-focused alternative to reCAPTCHA. According to a 2018 blog post, hCaptcha prompts are self-generated by clients who need “high-quality, human-generated annotations for their machine learning needs.”

That is, hCaptcha makes money both from clients like Discord who buy professional and enterprise subscriptions to run CAPTCHA services, and from clients who create prompts. In fact, hCaptcha uses its own CAPTCHA for machine learning systems and generative adversarial networks.

This is not the first time that people have noticed strange images in hCaptcha services and remarked that the company apparently trains AI with the help of users. Two months ago, a Reddit user noticed that Discord asked him to find football players among images of people playing hockey and golf, images that were clearly created by artificial intelligence. In March, another Reddit user complained that Discord’s CAPTCHA had become almost unsolvable.

“For example, in the “Choose a robot” task, any of the images looked like created by a person. I end up not getting an account verification email at all, even after all these hoop jumps. Seriously, blocking bots is fine, but trying to train AI with crappy CAPTCHA images is another thing,” wrote the user FunnerThanUsual in the Discord subreddit.

Journalists summarize that the work of hCaptcha is a prime example of the problems that arise with machine learning systems. The first is that AI systems require significant human input. For example, as a rule, indexing and categorization of images is transferred to outsourcers from developing countries, whose work is extremely poorly paid. Another problem is data drift: the longer machine learning systems work, the more data they need. Ultimately, they begin to use data that they themselves have generated for self-learning. And systems that train for a long enough time on themselves eventually come to the point that they issue requests for the definition of incomprehensible objects, like Yoko.

Djvu Ransomware Spreads via Discord, Carrying RedLine Stealer
https://gridinsoft.com/blogs/stop-djvu-ransomware-discord-redline/
Tue, 02 Aug 2022 20:24:23 +0000

The infamous STOP/Djvu ransomware has adopted a new spreading tactic. According to a report from Avast Threat Labs, a malware intelligence group, ransomware distributors have opted for Discord as a place to spread their malware.

STOP/Djvu spreads in Discord, features RedStealer

According to the latest notifications, STOP/Djvu ransomware is being spread through malicious spam messages in Discord. The senders pretend to offer something useful and share a 7zip file that contains the malware. The archive is password-protected, but the password is very simple: 1234. That is pretty typical when users share something on social networks. However, inside this package there is an executable file of Djvu malware, probably the .vveo and .vvew variants. The campaign affects users from Argentina, Vietnam, Turkey, and Brazil.

The file itself is additionally disguised, to lull the user's vigilance and avoid detection by some basic anti-malware tools. It has an invalid AVG certificate embedded and AceCrypter protection, making it possible to pass the certificate-based check-ups. Such a tactic is pretty new for STOP/Djvu ransomware. Earlier, the operators masked their malware with a specific repacking that required special database signatures to counteract. Whether the certificate is just an experimental feature or a new approach, only the crooks know.

The spreading model is also worth a separate note. Before, the Djvu gang was reportedly creating fake one-day sites offering torrent downloads of popular content. Popular films, sitcoms, and new games always make a suitable disguise. However, a change like this is common for a group that uses a ransomware-as-a-service scheme: one distribution team may be testing this spreading approach.

STOP/Djvu ransomware comes with RedLine stealer

Again, supplementary spyware is not new for Djvu ransomware. Earlier versions of this malware carried the legendary Azorult spyware, which appeared in 2016. Since its adoption in 2020, the STOP/Djvu group has stealthily grabbed victims’ credentials to sell them later on the Darknet. RedLine is younger (it has been active since 2020) and has several unique features that possibly make it more desirable for the developers. Again, whether such a change is temporary or not is unclear, since Azorult and RedLine have similar functionality. The worst part is that victims should still change all their passwords after the attack. Otherwise, they may discover that their social network accounts have become part of a botnet.

RedLine Stealer detections on VirusTotal

What is STOP/Djvu ransomware?

This ransomware family deserves a few words of its own. After appearing in 2017, it quickly gained a large share of the ransomware arena. It aims at individual users and asks for $450-$900 for file decryption. This ransomware uses an AES-256 cipher in CFB mode and the RSA algorithm. There are several possible ways to decrypt the files after a STOP/Djvu ransomware attack, but most rely on exploiting the offline keys. Cases where your files are encrypted with online keys are likely unsolvable, unless you pay the ransom or have your files backed up. There is also the possibility of getting your files back after the gang dissolves, but such an outcome is quite unlikely. The STOP/Djvu gang has been running for too long to cease to exist; in the worst-case scenario, it will just decrease its activity.

What is Discord virus? Investigating a new online fraud
https://gridinsoft.com/blogs/discord-virus/
Thu, 11 Mar 2021 14:14:10 +0000

Discord virus is another example of malware distribution through a social network. Just like another case, called Facebook virus, this one takes place on a popular communication platform. There are several differences between viruses spread on Facebook and through Discord, but let’s go through the information step by step.

Explaining the Discord virus

Discord virus is only the name of a spamming campaign that takes place on this communication platform. The exact type of malware you can get through these tricks varies widely. Nonetheless, the fraudsters’ method of fooling you cannot be called original. There are two well-distinguishable ways: thick and gentle. The thick method is used in massive attacks. The possible victim receives a malicious link with a clickbait text from an unknown user. Because all such messages are suspicious, Discord additionally shows you a notification that it is dangerous to click links and open files received from unknown users. Nonetheless, the most careless people may be caught even in such an easy trap.

The example of virus distribution in Discord

The gentle method requires a server, where the fraudster builds the image of a typical user interested in the theme of discussion. Then he sends the same message as in the thick method but adds something attractive for the other participants. Such distribution requires social engineering skills, time, and patience. But the users' level of trust is much higher, and on a large server (200+ active participants), virus distributors may hit the jackpot.

Important details: how the trust is established

You will barely distinguish a malware distributor from other users when he tries to slip in a malicious link. It is hard even to predict such behavior because of the specific audience present in Discord. This platform is generally used by gamers, programmers, and similar categories of users. They often need to deal with self-made programs, dubious applications, or other stuff that often causes a hysterical reaction from antivirus tools. Hence, a request to disable the anti-malware software when the program starts, or to add the app to the whitelist, does not look suspicious.

But there are several points that are not obvious to a new or inexperienced user but can easily be refuted by advanced ones. A lot of Discord virus cases involved sending a “free patch for Discord which will enable Nitro features without purchasing”. People who know how the Discord subscription model works will surely recognize this as a fake. Data about the account’s privileges is kept on a server handled by the developers of this program. The fact that you have paid for Discord Nitro is confirmed by the corresponding incoming payment. There is no way to change this data and enable the feature for your account by cracking the client version of the application.

N.B. There are also several other variants of malware distribution in Discord, you can read about them here.

How dangerous is the Discord virus?

Not as dangerous as, for example, ransomware. This way of malware distribution is not anonymous. It will be straightforward for cyber police to track a user who spreads some dangerous malware. However, there is still nothing pleasant about a coin miner, spyware, adware or any other malicious thing. Be very careful when using software that an unknown person recommends. The same applies to unnatural links that pretend to be download links for some useful software.
