I Think My Token Was Stolen (CosmicDriftTrojan)

ItsActuallyTJ · 2022 年 4 月 15 日午前 10:26

I think someone has my token
I need help making sure I’m clean, not too sure what to do to keep my acc safe

Someone had me download a game from a site, but the site looked clean, it was secure, TLD or whatever
but as I was installing, my discord logged out.
I immediately changed my password, which if I’m not mistaken, changes my token too.

VirusTotal says the file is clean, but the file reports back to an ip that leads to the domain superfuniestindianparty.rip
I searched that up and it looks like it was also used in a discord trojan attack, seen here
the download site (DO NOT TRUST): https://cosmicdrifts.tech/

Any help would be greatly appreciated!

OfclyGoodenough · 2022 年 4 月 15 日午前 11:40

Registered by Team Kevin in India via DotServe, Inc. on March 28, 2022 - Whois cosmicdrifts.tech

[color=#FF0000]VirusTotal (DETECTED BY KASPERSKY)[/color] - VirusTotal - File - 3c133cce56f0b79a4898d6b9642ae87a6771549dbf3d1f705909301ff7c19a5d

I AM UNABLE TO PERFORM AN ANY.RUN, AS THE DOMAIN ONLY ACCEPTS US IP ADDRESSES

Program contains UDS:Trojan-PSW.Win32.Disco, which is a type of ransomware designed to steal Discord tokens.

The domain superfuniestindianparty.rip actually redirects to iloveyoubby.ru, which is registered in the Russian Federation via RuCenter-Ru on February 18, 2022 - Whois iloveyoubby.ru

Associated Discord Server - Cosmic Drift (discord.com)

OWNERS:
Shoto#0009 (UID: 835365423893315634)
VIGI#6699 (UID: 928971744113463326)
KEvin#6699 (UID: 953495282753081394)

Associated Instagram Account (BANNED) - Page Not Found • Instagram

Associated YouTube Channel - https://videos.ctfassets.net/9tpgu2u9anrt/4DRmmCtZWQrBzxT4wdzKnz/9d1b70c1b31be6e2b3521dc423f05285/SP_thub_roll_B.mp4