Security researchers have uncovered a new tactic where hackers are reusing expired or deleted Discord invite links to redirect users to malicious websites.
These sites deliver remote access trojans and information-stealing malware designed to compromise personal and system data.
The campaign exploits a flaw in Discord’s invitation system, allowing attackers to carry out multi-stage infections that can evade detection by many antivirus tools.
Discord invite links are typically used to grant users access to a specific server. These links can be temporary, permanent, or custom vanity URLs for servers with level 3 boosts. However, researchers at Check Point found that when a server loses its boost status, its custom invite code becomes available again—and can be claimed by another server.
The same is true for expired or deleted invite links. According to the researchers, Discord’s system allows these codes to be reused in new vanity links. In many cases, users may assume that checking the “make this link permanent” option offers full protection, but it does not prevent certain invite codes from being reclaimed and misused.
There is also a case sensitivity flaw. Invite codes that contain uppercase letters can be reused in lowercase form within vanity links. Since Discord processes vanity URLs in lowercase, this allows the same code to be valid for two different servers simultaneously.
To reduce risk, users are advised to be cautious when clicking on Discord invite links, especially those shared in public spaces or from unfamiliar sources. Server administrators should also monitor their custom invite codes and be aware that expired or deleted links may still be vulnerable to hijacking.
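One way for a server administrator to start monitoring is to inventory every invite link already published in site pages, READMEs, or old posts, and sort the codes by the reuse conditions described above. The sketch below is an added example, not code from Check Point or Discord; the function names, the status labels, the `owned_vanity` input (a list the administrator supplies), and the sample codes are all assumptions made for illustration.

```python
import re

# Link forms under which Discord invite codes are commonly shared.
INVITE_RE = re.compile(
    r"(?<![\w.-])(?:https?://)?(?:www\.)?"
    r"(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)",
    re.IGNORECASE,
)

# What each status label means, following the conditions in the article.
RISK = {
    "vanity": "custom code you hold; it is released if the server loses its boost status",
    "case-twin": "contains uppercase; the lowercase form can be used in another server's vanity link",
    "plain": "can be reused in a vanity link once the invite expires or is deleted",
}

def extract_codes(text):
    """Return invite codes in order of first appearance, case preserved."""
    codes = []
    for code in INVITE_RE.findall(text):
        if code not in codes:
            codes.append(code)
    return codes

def audit(text, owned_vanity=()):
    """Label every invite code found in text as vanity, case-twin or plain."""
    owned = {v.lower() for v in owned_vanity}  # vanity URLs are handled in lowercase
    findings = []
    for code in extract_codes(text):
        if code.lower() in owned:
            findings.append((code, "vanity"))
        elif code != code.lower():
            findings.append((code, "case-twin"))
        else:
            findings.append((code, "plain"))
    return findings

# Constructed sample content; none of these codes are real invites.
SAMPLE = """
Join us: https://discord.gg/Hq7xKp2B
Support: discord.com/invite/acme-community
Old forum post: https://discordapp.com/invite/k3v9m2tq
Mirror: https://discord.gg/Hq7xKp2B
"""

if __name__ == "__main__":
    for code, status in audit(SAMPLE, owned_vanity=["acme-community"]):
        print(f"{code:16} {status:10} {RISK[status]}")
```

The audit works only on text you already control and makes no network requests; each flagged code still has to be checked by hand to confirm it resolves to your own server.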





