Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File

Hackers are installing multiple RMMs like Atera and Splashtop in a new malware attack. This article details the abuse of Discord CDN link andn fake OneDrive phishing campaign discovered by Sublime Security.

In a new threat discovered by cybersecurity firm Sublime Security, which was observed on the Microsoft 365 email platform, hackers are using a clever malware campaign to trick users with fake OneDrive emails.

In the research, shared with Hackread.com, the firm found that this sophisticated attack installs two separate remote-control programs on a victim’s computer, making it very difficult to stop.

Sublime Security’s AI-powered system detected the attack by spotting several subtle clues. These included the email claiming to share a file but being sent to an undisclosed recipient list, the misleading file extension (saying .docx but being a .msi), and the use of the free file hosting site.

Researchers found that the attack begins ...