Discord safety overview: June 2021

An in-depth article explaining new types of scams on Discord and how to avoid falling for them.

Long time no see, it's been a while but I'm here with another article - this time about Discord safety & security.

In this article:

  • What are the new Steam scams and how to avoid them?
  • Token grabbers and how not to fall for one.
  • PNG images and antiviruses: The new danger of Discord.
  • Discord Nitro gift codes and their safety.

What are the new Steam scams and how to avoid them?

The majority of you have probably already noticed, but there is a new type of scam going around Discord - I prepared an in-depth breakdown on how they work and how to avoid falling for one.

How do they spread?

It's quite simple really: They spread by many servers bruteforcing Discord tokens.
For those of you who don't know, bruteforcing is a way to gain access to a computer or account by "guessing" the password. Say a website puts no limit on how many times a password can be entered for a username: many servers will try combinations of passwords until they find the one matching the account password and gain access. Something similar is happening on Discord: many servers are sending randomly generated tokens, hoping to find one that works and lets them log in to an account, bypassing 2FA.
Discord tokens are basically long values representing a "security" string that authorizes your account login.
This means there is no protection against becoming a "sender" of these scam links - it is based entirely on your luck.

What even are they and how to protect myself?

Now to the second part of the scam - these links are websites trying to get your account information - username and password.
It is actually very easy not to fall for this part of the scam.
First of all, spell-check the domain name. Most of the scam domains end with .ru and are spelled in a way that seems like a legitimate Steam domain. The second dead giveaway is the page order - legitimate Steam trades will ALWAYS ask for your password before accessing the trade page.

Did you fall for one? Change your password as quickly as possible. If you only clicked, do not worry - as long as you don't give them your password, everything is ok.

List of known scam domains:

  • streamcormnnunity.ru.com
  • steancomunnity.ru
  • streamcommunnlty.ru
  • steamcommunytu.ru

We highly encourage you to add all of the domains above to the blacklisted words on your server, to minimize the spread of these links.
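
The spell-check advice above can be automated in a server's moderation tooling. This added example (not from the original article) goes beyond an exact-match blacklist: it flags any hostname that has a label within a small edit distance of steamcommunity. The threshold of 4 and the function names are assumptions.

```python
import re

LEGIT_DOMAIN = "steamcommunity.com"   # the real Steam Community domain
BRAND_LABEL = "steamcommunity"
MAX_DISTANCE = 4                      # assumed threshold, covers the article's four domains

# Pulls hostnames out of chat text, with or without a scheme in front.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return 'legit', 'lookalike' or 'other' for one hostname."""
    host = host.lower().rstrip(".")
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legit"
    # The misspelled brand can sit in any label, e.g. "<typo>.ru.com".
    closest = min(edit_distance(label, BRAND_LABEL) for label in host.split("."))
    return "lookalike" if closest <= MAX_DISTANCE else "other"


def scan_message(text):
    """Return (hostname, verdict) for every hostname found in a chat message."""
    return [(h.lower(), classify(h)) for h in HOST_RE.findall(text)]


if __name__ == "__main__":
    # The four domains listed in the article, plus the real one for contrast.
    for d in ["streamcormnnunity.ru.com", "steancomunnity.ru",
              "streamcommunnlty.ru", "steamcommunytu.ru", "steamcommunity.com"]:
        print(d, classify(d))
```
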

Token grabbers and how not to fall for one.

As mentioned above, tokens are a way to log in to your account without 2FA, password or email. With that said, they are very dangerous and many people will try to get your token using social engineering.

How to identify a token grabber?

It is very easy. They will usually come in various types: .py files, .js files, .exe files or even .jar files.

.py and .js can be easily identified, .jar is a little harder to do but still manageable - .exe files will be very hard to identify for a regular person, so let's not focus on those. Do not download any .exe files from Discord!

Opening the files

.py and .js files can be easily opened in a code editor, or even Notepad - be sure to always click "open with" or "open using" to avoid accidentally executing the file.

.jar files are compiled Java archives, but they can still be opened and there are multiple ways to do so:

  1. The command method.
    • It is as simple as running this command in your CMD window:
      jar xf PATH-TO-JAR - you can find more info HERE
  2. The tool method.

Identifying grabber code

Token grabbers always have to access one specific folder, though the reference to it may be hidden. The process is the same for all the file types: search every file that contains text for this value: APPDATA
As I said before, it may be hidden (encrypted or hashed), so I prepared a list of the most common hashes used: You can find it here
All the strings to search for are divided by a line.
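
The search described above, as an added example (not from the original article): it looks for the APPDATA value in .py and .js files and inside .jar archives, which it reads as ZIP data in memory so nothing is run. The function names, the size cap and the sample inputs are assumptions constructed for illustration, and it matches only the plain string, not the hidden forms from the article's list.

```python
import io
import zipfile

MARKER = b"appdata"            # the article's search value, matched case-insensitively
MAX_MEMBER = 5 * 1024 * 1024   # assumed cap: skip archive members larger than 5 MiB


def scan_text(name, data):
    """Return 'name:line' for each line of a script that mentions the marker."""
    return [f"{name}:{n}" for n, line in enumerate(data.splitlines(), 1)
            if MARKER in line.lower()]


def scan_jar(name, data):
    """Return 'name!member' for each archive member that contains the marker."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:   # a .jar is a ZIP archive
        for info in jar.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            if MARKER in jar.read(info).lower():
                hits.append(f"{name}!{info.filename}")
    return hits


def scan(name, data):
    """Inspect a downloaded file as bytes; nothing is written to disk or executed."""
    lower = name.lower()
    if lower.endswith(".jar"):
        return scan_jar(name, data)
    if lower.endswith((".py", ".js")):
        return scan_text(name, data)
    return []


def build_sample_jar():
    """Constructed sample: an in-memory archive with one member holding the marker."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Main.class", b"\xca\xfe\xba\xbe\x00\x07APPDATA\x00")
    return buf.getvalue()


SAMPLE_PY = b'import os\nroot = os.getenv("APPDATA")\nprint(root)\n'   # constructed

if __name__ == "__main__":
    for name, data in [("tool.py", SAMPLE_PY), ("mod.jar", build_sample_jar())]:
        print(name, scan(name, data))
```

A hit is a reason to read the surrounding code, not proof of a grabber, since legitimate programs also read APPDATA.
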

PNG images and antiviruses: The new danger of Discord.

The title might be confusing but don't worry, this will be just a quick mention and nothing included here actually harms your computer.

There are images going around Discord that have a specific "code" string embedded inside, which causes most antiviruses to trigger a warning message. This might not sound like something to worry about, but those warning messages will get spammed on your screen most of the time, since Discord caches the image. To get rid of this, you will need to delete your cache and the image from the chat.

Discord Nitro gift codes and their safety.

Last but not least, a quick mention of the dangers of Nitro codes. You may have experienced it yourself: you were gifted a Nitro, but it was already claimed. Why? The same way people bruteforce tokens, they generate massive amounts of Nitro codes and try to claim them automatically. If you are unlucky, someone will generate and claim your Nitro code before you do, which means you won't be able to claim it anymore.

That's all for this article, hopefully you learned something new.
Stay safe and don't hesitate to ask us if you have any questions:

