{"id":13615,"date":"2025-08-08T08:00:13","date_gmt":"2025-08-08T05:00:13","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=13615"},"modified":"2025-08-08T08:00:13","modified_gmt":"2025-08-08T05:00:13","slug":"hijacked-discord-invite-links-for-multi-stage-malware-delivery","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/13615\/","title":{"rendered":"How do malicious actors use Discord&#8217;s invite system?"},"content":{"rendered":"<p>Attackers are using expired and deleted Discord invite links to distribute two types of malware: AsyncRAT, to take remote control of infected computers, and Skuld Stealer, to steal crypto wallet data. They do this by <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/discord-flaw-lets-hackers-reuse-expired-invites-in-malware-campaign\/\" target=\"_blank\" rel=\"nofollow noopener\">exploiting a vulnerability in Discord\u2019s invite link system<\/a> to covertly redirect users from trusted sources to malicious servers.<\/p>\n<p>The attack uses the ClickFix technique, multi-stage loaders and deferred execution to bypass defenses and deliver malware undetected. 
This post examines in detail how the attackers exploit the invite link system, what ClickFix is and why they use it, and, most importantly, how to avoid falling into this trap.<\/p>\n<h2>How do Discord invite links work?<\/h2>\n<p>First, let\u2019s look at how Discord invite links work and how they differ from one another. This will give us an idea of how the attackers learned to exploit Discord\u2019s link creation system.<\/p>\n<p>Discord invite links are special URLs that users can use to join servers. They are created by administrators to simplify access to communities without having to add members manually. Invite links on Discord can take two alternative formats:<\/p>\n<ul>\n<li>https:\/\/discord.gg\/{invite_code}<\/li>\n<li>https:\/\/discord.com\/invite\/{invite_code}<\/li>\n<\/ul>\n<p>Having more than one format, one of which uses a domain name that has recently become quite popular on the internet, is not the best solution from a security standpoint, because it causes confusion in users\u2019 minds. And that is not all. 
Discord invite links also come in three main types, which differ significantly from one another in their properties:<\/p>\n<ul>\n<li>Temporary invite links<\/li>\n<li>Permanent invite links<\/li>\n<li>Custom invite links (vanity URLs)<\/li>\n<\/ul>\n<p>Links of the first type are the ones that <a href=\"https:\/\/support.discord.com\/hc\/tr\/articles\/208866998-Davetiyeler-101\" target=\"_blank\" rel=\"nofollow noopener\">Discord creates by default<\/a>. In addition, in the Discord app the server administrator has a choice of fixed invite validity periods: 30 minutes, 1 hour, 6 hours, 12 hours, 1 day or 7 days (the default option). For links created through the Discord API, a custom expiration time can be set to any value up to 7 days.<\/p>\n<p>Codes for temporary invite links are generated randomly and usually contain 7 or 8 characters, including uppercase and lowercase letters as well as digits. Examples of temporary links:<\/p>\n<ul>\n<li>https:\/\/discord.gg\/a7X9pLd<\/li>\n<li>https:\/\/discord.gg\/fq5zw2cn<\/li>\n<\/ul>\n<p>To create a permanent invite link, the server administrator must manually select <em>Never<\/em> in the <em>Expire After<\/em> field. Permanent invite codes consist of 10 random characters, again made up of uppercase and lowercase letters and digits. 
Example of a permanent link:<\/p>\n<ul>\n<li>https:\/\/discord.gg\/hT9aR2kLmB<\/li>\n<\/ul>\n<p>Finally, <a href=\"https:\/\/support.discord.com\/hc\/tr\/articles\/115001542132-Sunucu-%C3%96zel-URL-leri\" target=\"_blank\" rel=\"nofollow noopener\">custom invite links (vanity links)<\/a> are available only on Discord Level 3 servers. To reach this level, a server must <a href=\"https:\/\/support.discord.com\/hc\/tr\/articles\/360028038352-Sunucu-Takviyesi-Hakk%C4%B1nda-SSS\" target=\"_blank\" rel=\"nofollow noopener\">receive 14 boosts<\/a>, which are paid upgrades that community members can buy to unlock special perks. This is why popular communities with an active audience, such as the servers of bloggers, streamers, gaming clans or public projects, usually reach Level 3.<\/p>\n<p>Custom invite links allow administrators to set their own invite code, which must be unique across all servers. The code can contain lowercase letters, digits and hyphens, and can be of almost arbitrary length, from 2 to 32 characters. A server can have only one custom link at any given time.<\/p>\n<p>Links of this type are always permanent. They do not expire as long as the server retains its Level 3 perks. If the server loses this level, its vanity link becomes available for reuse by another server with the required level. 
Examples of custom invite links:<\/p>\n<ul>\n<li>https:\/\/discord.gg\/alanna-titterington<\/li>\n<li>https:\/\/discord.gg\/best-discord-server-ever<\/li>\n<li>https:\/\/discord.gg\/fq5zw2cn<\/li>\n<\/ul>\n<p>From this last example, attentive readers can guess where we are heading.<\/p>\n<h2>How do scammers exploit the invite system?<\/h2>\n<p>Now that we have looked at the different types of Discord invite links, let\u2019s see how malicious actors weaponize this mechanism. Note that when a regular, <em>non-custom<\/em> invite link expires or is deleted, the administrator of a legitimate server cannot get the same code again, because all codes are generated randomly.<\/p>\n<p>However, when creating a <em>custom<\/em> invite link, the server owner can manually enter any available code, including one that matches the code of a previously expired or deleted link.<\/p>\n<p>Attackers take advantage of this feature of the invite system: they track legitimate codes that are expiring, then register them as custom links on their own servers with Level 3 perks.<\/p>\n<p>As a result, scammers can use:<\/p>\n<ul>\n<li>Expired temporary invite links: even if the expired link contained uppercase letters and the scammers\u2019 custom URL replaces them with lowercase ones, the system automatically redirects the user to this vanity URL.<\/li>\n<li>Permanent invite links deleted from servers: if the code consists only of lowercase letters and digits (there is no redirection here).<\/li>\n<li>Custom invite links: if the original server has lost its Level 3 perks and its link is available for re-registration.<\/li>\n<\/ul>\n<p>What does this substitution lead to? Attackers gain the ability to redirect users who follow links previously published on entirely legitimate resources (social networks, websites, blogs and the forums of various communities) to their own malicious servers on Discord.<\/p>\n<p>Moreover, the legitimate owners of these resources may not even be aware that the old invite links now point to fake Discord servers set up to distribute malware. This means they cannot warn users that a link is dangerous or delete the messages containing that link.<\/p>\n<h2>How does ClickFix work in Discord-based attacks?<\/h2>\n<p>Now let\u2019s talk about what happens to users who follow hijacked invite links taken from trusted sources. 
After joining the attackers\u2019 Discord server, the user sees that all channels are closed to them except for one, called <em>verify<\/em>.<\/p>\n<div id=\"attachment_13620\" style=\"width: 1417px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/08\/08074246\/hijacked-discord-invite-links-for-multi-stage-malware-delivery-1.jpeg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13620\" class=\"size-full wp-image-13620\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/08\/08074246\/hijacked-discord-invite-links-for-multi-stage-malware-delivery-1.jpeg\" alt=\"Malicious Discord server \" width=\"1407\" height=\"899\"><\/a><p id=\"caption-attachment-13620\" class=\"wp-caption-text\">On the attackers\u2019 Discord server, users who followed the hijacked link have access to only one channel, verify <a href=\"https:\/\/research.checkpoint.com\/2025\/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery\/\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<p>This channel contains a bot named Safeguard that grants full access to the server. 
To get it, the user has to click the <em>Verify<\/em> button, after which a prompt to authorize the bot appears.<\/p>\n<div id=\"attachment_13621\" style=\"width: 862px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/08\/08074337\/hijacked-discord-invite-links-for-multi-stage-malware-delivery-2.jpeg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13621\" class=\"size-full wp-image-13621\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/08\/08074337\/hijacked-discord-invite-links-for-multi-stage-malware-delivery-2.jpeg\" alt=\"Authorization window of the Safeguard bot \" width=\"852\" height=\"1122\"><\/a><p id=\"caption-attachment-13621\" class=\"wp-caption-text\">When the Verify button is clicked, the user is automatically redirected to the attackers\u2019 external site, where the next and most important stage of the attack begins. <a href=\"https:\/\/research.checkpoint.com\/2025\/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery\/\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<p>After authorization, the bot gains access to profile information (username, avatar, banner), and the user is redirected to an external site: https:\/\/captchaguard<strong>[.]<\/strong>me. 
The user then passes through a chain of redirects and lands on a well-designed web page that imitates the Discord interface, with a <em>Verify<\/em> button in the middle.<\/p>\n<div id=\"attachment_13622\" style=\"width: 1490px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/08\/08074437\/hijacked-discord-invite-links-for-multi-stage-malware-delivery-3.jpeg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13622\" class=\"size-full wp-image-13622\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/08\/08074437\/hijacked-discord-invite-links-for-multi-stage-malware-delivery-3.jpeg\" alt=\"Fake verification screen on an external site \" width=\"1480\" height=\"1078\"><\/a><p id=\"caption-attachment-13622\" class=\"wp-caption-text\">The redirect takes the user to a fake page designed to look like the Discord interface. Clicking the Verify button activates malicious JavaScript code that copies a PowerShell command to the clipboard <a href=\"https:\/\/research.checkpoint.com\/2025\/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery\/\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<p>Clicking the <em>Verify<\/em> button activates JavaScript code that copies a malicious PowerShell command to the clipboard. 
The user is then given precise instructions on \u201chow to pass the check\u201d: open the <em>Run<\/em> window (Win + R), paste the text from the clipboard (Ctrl + V) and press Enter.<\/p>\n<div id=\"attachment_13623\" style=\"width: 850px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/08\/08074530\/hijacked-discord-invite-links-for-multi-stage-malware-delivery-4.jpeg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13623\" class=\"size-full wp-image-13623\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/08\/08074530\/hijacked-discord-invite-links-for-multi-stage-malware-delivery-4.jpeg\" alt=\"ClickFix technique applied by hijackers using Discord links\" width=\"840\" height=\"849\"><\/a><p id=\"caption-attachment-13623\" class=\"wp-caption-text\">Next comes the ClickFix technique: the user is asked to paste and run the malicious command copied to the clipboard in the previous step. <a href=\"https:\/\/research.checkpoint.com\/2025\/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery\/\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<p>The site does not ask the user to manually download or run any file, which removes the typical warning signs. Instead, users infect themselves by running a malicious PowerShell command that the site placed on the clipboard. 
All of these steps are part of an infection tactic called ClickFix, <a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-clickfix\/53348\/\" target=\"_blank\" rel=\"noopener nofollow\">which we have previously covered in depth on our blog<\/a>.<\/p>\n<h2>AsyncRAT and Skuld Stealer malware<\/h2>\n<p>The PowerShell script activated by the user is the first step in the multi-stage delivery of the malicious payload. The attackers\u2019 next goal is to install two malicious programs on the victim\u2019s device. Let\u2019s take a closer look at each of them.<\/p>\n<p>First, the attackers download a modified version of AsyncRAT to gain remote control over the infected system. This tool offers a wide range of capabilities: executing commands and scripts, capturing keystrokes, viewing the screen, managing files, and accessing the remote desktop and camera.<\/p>\n<p>Next, the cybercriminals install Skuld Stealer on the victim\u2019s device. 
This crypto stealer collects system information, siphons off Discord login credentials and authentication tokens saved in the browser and, most importantly, steals the recovery phrases and passwords for Exodus and Atomic crypto wallets by injecting malicious code directly into their interfaces.<\/p>\n<p>Skuld sends all collected data via a <a href=\"https:\/\/support.discord.com\/hc\/tr\/articles\/228383668-Webhooklara-Giri%C5%9F\" target=\"_blank\" rel=\"nofollow noopener\">Discord webhook<\/a>. A Discord webhook is a one-way HTTP channel that lets applications automatically post messages to Discord channels. This provides a secure way to steal information directly in Discord without the need for a complex management infrastructure.<\/p>\n<p>As a result, all the data, from passwords to authentication tokens and including crypto wallet recovery phrases, is automatically posted to a private channel set up in advance on the attackers\u2019 Discord server. Armed with the recovery phrases, the attackers can recover all the private keys of the hijacked wallets and gain full control over all of their victims\u2019 cryptocurrency assets.<\/p>\n<h2>How do you avoid becoming a victim?<\/h2>\n<p>Unfortunately, Discord\u2019s invite system lacks transparency and clarity. 
This makes it extremely difficult, especially for newcomers, to spot the trick before clicking a hijacked link and during the redirection process.<\/p>\n<p>Nevertheless, there are some security measures that, if followed properly, will prevent the worst outcome, namely a malware-infected computer and financial losses:<\/p>\n<ul>\n<li>Never paste code into the <em>Run<\/em> window unless you know exactly what it does. Doing so is extremely dangerous, and normal sites never give such an instruction.<\/li>\n<li>Configure Discord privacy and security by following <a href=\"https:\/\/www.kaspersky.com\/blog\/discord-privacy-security\/38546\/\" target=\"_blank\" rel=\"noopener nofollow\">our detailed guide<\/a>. 
This will not protect against hijacked invite links, but it will minimize the other risks associated with Discord.<\/li>\n<li>Use <a href=\"https:\/\/www.kaspersky.com.tr\/premium?icid=tr_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">a reliable security solution<\/a>\u00a0that warns of danger in advance and blocks malware downloads; it is best to install it on all devices, especially those where you use crypto wallets and other financial software.<\/li>\n<\/ul>\n<blockquote><p>Malicious actors often target Discord to steal cryptocurrency, gaming accounts and assets, and generally make users suffer. 
For more examples of Discord scams, check out our posts:<\/p>\n<p><a href=\"https:\/\/www.kaspersky.com.tr\/blog\/malware-in-discord\/10239\/\" target=\"_blank\" rel=\"noopener\">Malicious activity in Discord chats<\/a><\/p>\n<p><a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptoscam-in-discord\/9309\/\" target=\"_blank\" rel=\"noopener\">Crypto scam on Discord<\/a><\/p>\n<p><a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptoscam-in-discord-fake-news-services\/9342\/\" target=\"_blank\" rel=\"noopener\">Discord crypto scam: Attack of the clones<\/a><\/p>\n<p><a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptoscam-in-discord-fake-dex-airdrop\/9479\/\" target=\"_blank\" rel=\"noopener\">Discord crypto scam: Revenge of the scammers<\/a><\/p>\n<p><a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptoscam-in-discord-fake-ico\/9707\/\" target=\"_blank\" rel=\"noopener\">Discord crypto scam: A new hope<\/a><\/p><\/blockquote>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-geek\">\n","protected":false},"excerpt":{"rendered":"<p>Attackers hijack Discord invite links and redirect victims to scam servers to install malware using the ClickFix technique.<\/p>\n","protected":false},
"author":2726,"featured_media":13616,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[2666,2797,2369,744,2785,2629,658,1336,1753,1109,716,537],"class_list":{"0":"post-13615","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-baglantilar","9":"tag-clickfix","10":"tag-discord","11":"tag-guvenlik","12":"tag-haberciler","13":"tag-hirsizlar","14":"tag-kotu-amacli-yazilimlar","15":"tag-kripto-para-birimi","16":"tag-rat","17":"tag-saldirilar","18":"tag-sosyal-medya","19":"tag-tehditler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/13615\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/28362\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/31208\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/40170\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/53955\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/23019\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/24048\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/hijacked-discord-invite-links-for-multi-stage-malware-delivery\/29440\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/discord\/","name":"Discord"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/
wp-json\/wp\/v2\/posts\/13615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=13615"}],"version-history":[{"count":6,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/13615\/revisions"}],"predecessor-version":[{"id":13618,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/13615\/revisions\/13618"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/13616"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=13615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=13615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=13615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}