https://github.com/2m4u/antidiscordphishing

Informative Detail To Prevent Your Account Being Compromised.
https://github.com/2m4u/antidiscordphishing

cracker discord discord-api discordapp stealer

Last synced: about 1 year ago
JSON representation

Informative Detail To Prevent Your Account Being Compromised.

• Host: GitHub
• URL: https://github.com/2m4u/antidiscordphishing
• Owner: 2M4U
• Created: 2022-02-23T18:58:57.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2022-02-23T19:10:49.000Z (about 4 years ago)
• Last Synced: 2025-01-07T18:30:56.791Z (over 1 year ago)
• Topics: cracker, discord, discord-api, discordapp, stealer
• Homepage:
• Size: 1.95 KB
• Stars: 1
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# The Infamous Copy-pasta Anti Phishing/Scam Announcement



# How to **ACTUALLY** prevent it 

###### *instead of this __DUMB COPY PASTA__ information which is useless*

I've noticed a copy-pasta announcement thats been in circulation throughout the platform of Discord, I wanted to inform you this copy-pasta is actually uninformative as 2FA does not prevent any form of Nitro Scam/Phishing Links due the nature of the way these scammers/links work, they are designed to steal your accounts token, and by doing so they have full control of your account including changing the email address/password and much more to do with which ever account is compromised, therefore rendering 2FA useless attempt to fight back against these phishing links, however there are much more secure and more efficient means of protecting your account simply by doing the following:

[1] Implementing a checker in a discord bot to scan for such scam links using this API:


https://phish.sinking.yachts/docs

[2] Using this freeware that is open sourced on GitHub to protect against most Discord Token stealers/jackers/phishing sites.


https://github.com/andro2157/DiscordTokenProtector

The reason on why they can grab the token is due to Discords inability to enforce protection against these types of things gaining accessing to what's known as `localStorage`, for example with the discord app for PC itself, the app is built in Electron and they use what's known as `"safeStorage()"` to encrypt/decrypt `localStorage`, it is encrypted until the [`science`](https://discord.com/api/v9/science) end point requests a heartbeat from the application (using websockets) at which point the app then decrypts the token and stores it in `localStorage`, making it vulnerable to phishing/jacking/stealing attempts.

Just thought I would inform you as I've seen this copy-pasta alot over the past few weeks and still see alot of people being phished by this illusion of 2FA potentially stopping scammers, which triggered me into researching as to how they are doing it, and what measures to take fully to stop 99.9% of their attempts.

### Science Endpoint Preview: