Infected w malware
So I got hacked via Discord. I know who did it; they don’t speak English. They bought boosts through my account, got into my email, and infected me with a trojan malware. What can I do? The trojan is currently quarantined.
There will be three things I recommend doing,
One is to make sure you have changed your password on Discord and make sure 2FA is enabled; below, I will link Discord resources on how to do that.
https://support.discord.com/hc/en-us/articles/219576828-Setting-up-Two-Factor-Authentication
Second, regarding the malware, I would follow the procedures outlined in the CISA resource I link below.
https://www.cisa.gov/sites/default/files/publications/trojan-recovery.pdf
Third, you can attempt to get your money back from the boosts by contacting Discord via a support request using the link below.
https://support.discord.com/hc/en-us/requests/new
Also outlined in that CISA document are some useful links to improve your personal security practices and prevent an incident like this again.
The thing is, I have no idea how this even happened in the first place
As in how they breached your discord?
Yes
I’m currently in their discord
it’s all russian people
Have you downloaded any suspicious files or clicked any unusual links recently? One of the most common ways they gain access is by having you click a link that will grab your auth token, and they can use that to gain access without needing your password or 2FA. This is another excellent resource that outlines some of the ways people fraudulently gain access to your account.
https://discord.com/safety/360044104071-tips-against-spam-and-hacking
Nope. Been playing a game the past 5 hours. Then got logged out of my discord an hour ago
Should i press Action>remove ? it’s quarantined at the moment
I would focus on the remediation of the incident now and then read up on the best security practices from both the CISA document I shared and then Discord's blog post. And yes, I would do Action > Remove. I would also recommend following the rest of the steps outlined in the PDF.
So after it’s removed, should i be good?
Already set up 2FA on discord and changed passwords to my email and discord
I cannot say whether your AV will have mitigated the issue wholly; you may be fine. But my recommendation is to follow all the steps in the CISA doc for the best chance of complete eradication and recovery.
I scanned for threats, says no current threats, and says threat was removed
you think i’m still at risk?
It is possible. I cannot say for sure.
If you're worried about something more persistent that Windows Defender might not catch, using a second opinion scanner like NPE or Hitman Pro would be another safe option.
As for the account security, changing passwords, enabling 2fa, and following the above Discord recommendations are your best bet. Also stay away from those people
Never met them at all, just logged back into my discord and saw that i was in their discord, not able to read russian so I didn’t know what it was
People have had their Discord accounts receive warnings for being in servers associated with things that break TOS, so leaving that server would be recommended
Okay so, i’ve changed all passwords, set up 2FA, ran a security check, found a trojan, quarantined it, and removed it, ran a second check and no threats found
In reality am i safe ?
As DirtyJ said, your best bet is to run a second opinion scanner like NPE or Hitman Pro. Both are linked below. We can't guarantee anything, but after that, you should be good.
https://support.norton.com/sp/en/us/home/current/solutions/kb20100824120155EN
https://www.hitmanpro.com/en-us/downloads
running a full system scan with Norton as well
the 2 suspicious files are safe, had them for a while