Watch How Hackers hack your Discord account..

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

imagine that you receive a message like this claiming that you can get a free discard Nitro by clicking on the link would you click on it no not convincing enough what if it was sent to you by your best friend with whom you hang out every night on Discord playing video games would you click on it now or maybe you know that downloading random files to your computer is dangerous so you might choose to ignore it but what about this instead of sending you a file to download he sends you an invite to a server and claims that you can get a free Nitro by just joining the server when you join the server the server apparently has a verification process that is to be completed before you can access it as part of the verification you are asked to scan a QR code that is generated by the servers bot so would you go ahead and scan it with your Discord mobile app if your answer is yes then let me assure you your Discord account will be taken over as soon as you either download and open the file that your friend sent you or scan the innocent QR code to complete the quote-unquote verification on the server let me show you what actually happens under the hood and how hackers manage to do this but before that a quick message about the sponsors of this video this video is sponsored by appmysite.com with app my site you can easily convert your website into a native mobile application for both Android and iOS and the best thing is that you don't even have to write a single line of code to do this and it only takes 10 to 15 minutes to create your own app you can build your own app by just submitting your website URL choose your app's appearance like icon themes background etc etc choose what content from your website you want to display on your app and that's it the their AI powered app builder will build an app for you based on your choices for both Android and iOS you can then preview your app on a simulator or on your own real device and see how it turned out app my site also comes with a woocommerce integration plugin which makes converting your online store built with woocommerce into a native mobile application a smooth and quick process you can even integrate your app with Firebase to add more functionality to your app integrate chat system to chat with your app's users push notifications to your users and even monetize your app with Google admob all from within your app my site dashboard so go ahead and check out app my site the link will be in the description below in the first scenario where your friend sends you a file and asks you to download it the file is actually a malicious software or a malware in the context of Discord hacking it is called a token Grabber or a token stealer what it essentially does is that it steals a particular string that is associated with your Discord account called a token this token is kind of like a randomly generated secret code that gives you access to your Discord account and obviously when someone steals your token they also have access to your Discord account but what exactly is this token when you log into your Discord account with your email and password this card generates a random value called a token and sends it to you as a response to your login this token enables you to maintain your authentication with the Discord server without having to send your email and password with every request you send to discard in simple web development terms it is like a session ID that maintains your session on a web app so when you receive this token your Discord desktop app or your web browser depending on where you are using Discord will save this token in a local storage so that whenever you open Discord you will automatically be logged in without having to enter your email and password because this token can be used directly for authentication if you look at the source code of this malicious file there are different paths assigned to different Discord clients like this one right here is for the Discord desktop app and this one is for Opera browser and then Opera GX browser Google Chrome etc etc these parts are where your Discord token is saved on your local storage depending on which client you are using Discord on when the malware is executed by a victim it goes through each of these parts and searches for all the files for the extensions DOT log n dot ldb when it finds these files it uses a regular expression to match a particular pattern based on the match it extracts the token value which is initial actually in an encrypted state so it passes this encrypted token value into an AES decryption function along with the key which is also saved in the local storage in a file called local state once the token is decrypted it validates if this token is working logs into your account with the token and then extracts some information about your account like your saved billing information which contains your credit card information information about your multi-factor authentication etc etc and then it finally sends all these stolen details to the hacker and this is done via Discord webhooks so the hacker will receive a Discord message with all of your details and once the hacker has your token it is very easy for them to log into your Discord account the hacker can then write an automated script to log into your Discord account with your token and spread this malware by sending it to all the people in your friends list and all the servers that you join this means the message that you received from your friend which has the malware attachment is now forwarded to all your friends and all the servers that you joined and this is how the malware is spread to infect more people but you might be asking don't anti-virus softwares detect this and stop this token stealer from running on your computer and yes you are absolutely right any antivirus software including the pre-installed Windows Defender should be able to detect this file as malware and stops it from executing unless you are somehow tricked to turn off your antivirus but this is not going to be a big problem for the hackers because they use something known as a crypter that hides this malicious behavior of the malware and this enables it to bypass anti-virus detection a crypter basically encrypts the malicious file in this case the token stealer with a secret key before creating the malicious executable file when the file is executed the crypter loads up decrypts the malicious code using the secret key and then loads this malicious code into the memory and executes it directly this way anti-virus softwares cannot detect the malicious behavior of the file and one can easily buy this fully undetectable cryptos from various hacker forums and dark web forums and hey all of this can be avoided in the first place if you just ignore the message and not download any random file to your computer even though if it's coming from your best friend because from what we know it might be the hacker sending this message from your friend's account but what about the QR code thing how would that let hackers steal your token I mean you're not downloading any file you are just scanning a QR code this is called qrl jacking it is a very effective social engineering tactic used by hackers to exploit the wrong Assumption of users that scanning random QR codes cannot lead to anything bad if you go to the Discord login page you can log in using your email and password or you can even log in with a QR code all you have to do is just scan this generated QR code from your Discord mobile app and you will be authenticated just like that without having to enter your credentials a hacker can simply exploit this and write a simple script to take over your Discord account with URL checking first the script opens up an automated browser and goes to the discard login page which generates a unique Ur code to log in next it extracts this QR code from the web page and saves it as an image file finally the hacker or the script that the hacker wrote sends this QR code to you and tricks you into scanning it so when you scan it it is the hacker who is being logged into your account on his automated browser and once logged in it is very easy to extract the token because your account is logged in on the Hacker's browser so you can just extract the token from that automated browser so yeah just like that just by scanning a QR code your Discord account is hacked so I think there are two lessons that can be learned from this video number one do not download random files to your computer and open them even though it is sent to you by a person you know very well number two do not scan QR codes from untrusted sources as you just saw how bad that can be so that will be all for this video hope you liked it and hope you learned something new if you did like this video please do not forget to leave a thumbs up below and also leave a comment in the comment section if you are not yet a subscriber please do hit that subscribe button and also turn on the Bell icon to receive instant updates from my channel I'll see you in the next video Until Then cheers

Info

Channel: Tech Raj

Views: 279,117

Rating: undefined out of 5

Keywords: discord, discord hacking, discord token, ethical hacking, hacking for beginners, qrl jacking, discord qr code, discord qr code hack, discord qr hack, discord qr scam, tech raj, token stealer, token grabber, how to protect discord account from hackers, recover hacked discord account

Id: Z3lyynl7hP8

Channel Id: undefined

Length: 9min 17sec (557 seconds)

Published: Mon May 01 2023