Discord accounts are being compromised to spread malware to potential victims


A Discord friend of mine, therealswonk, just became victim to a new, dangerous form of phishing that involves using compromised accounts to spread malware to others under the guise of a game they just made, prompting victims to try it out and rate it.

The program in question, however, contains a variant of the AgentTesla trojan to steal other’s accounts and further spread the malware to other potential victims. Hackers also use the trojan to remotely execute code to affected PCs, leaving Swonk unable to uninstall it unless he changes the cmd line of the program’s “properties” tab.


hey also discord has warned about it i will also analyze and get the ip host of the trojan

thanks for the info

I have gotten 2 so far

Analyze is Done i Have Found the ip address of the app that is sending info to
but it might be spoofed because the ip shows that its from cloudfare so you cant do anythink
The Trojan Uses port 56724
The Trojan Used protocol TCP
the file description details:

File Name MyFristGame.exe
File Size 152 KiB
File Type Win32 EXE
File Type Extension exe
Mime Type application/octet-stream
Machine Type Intel 386 or later, and compatibles
Pe Type PE32
Linker Version 48
Code Size 145920
Os Version 4
File Version Number 633.857.113.734
Product Version Number 633.857.113.734
Language Code Neutral
Company Name RNGCryptoServiceProvider
Original File Name DispatchRuntime.exe
Legal Copyright Copyright RNGCryptoServiceProvider 2008
Product Name TaskItem UpdatePanelTrigger
This File is A Trojan Its A “Testla Trojan”

1 Like

I’ll look into this. Thanks for the info.

how do you look at that stuff? like the TCP? im in the process of learning haha


There’s a lot of software out there used for penetration testing, such as Wireshark or THC Hydra.

1 Like

The website was an XML file, and is sorta broken. There is no download for any malicious files, and the entire site seems to be down.

oh hey sorry i didnt see you
yeah the virus or trojan uses the protocol TCP I used To See it with some netstat/wireshark/windows event to be able to see the ip address that was hard because the trojan run for 1 or 2 second then it will auto stop