![Video investigator .rar](https://kumkoniak.com/31.jpg)
![video investigator .rar video investigator .rar](https://forum.cfx.re/uploads/default/original/3X/1/9/19de45d9613523cf5d98e6a902cce531ddaaf10b.png)
To avail offer, the user has to subscribe to the TA’s Youtube channel, as shown in the figure below.įigure 5 – TA offering instant unban FiveM
![video investigator .rar video investigator .rar](http://s7.dpic.me/01269/vym0idlfw10w.jpg)
Figure 4 – Giveaway post on TA’s Discord serverĪlong with the giveaway offer, the TA has also offered instant unban FiveM and provided a YouTube link in the verify section of the discord channel. This is a clever way of promoting the discord channel and also infecting a maximum number of users. Figure 3 – Pricing list for Cloud Spoofer productĪdditionally, while investigating the TA’s Discord server, we observed that TA is offering a giveaway where the Discord channel members have to create a YouTube or TikTok video, mentioning the TAs discord channel link in the video description. The TA has mentioned the price details for Cloud Spoofer in the “prices” section, as shown in the below figure. Since then, TA has started selling Cloud Spoofer for 20-60 Euros based on user requirements. The above image shows that this Discord server was created on September 2022. Figure 2 – TA’s Discord server selling spoofer Gamers use Spoofer tools to get unban from the platform and continue playing the game. Usually, the FiveM bans the players for a period of time whenever a gamer is suspected of cheating. Figure 1 – Malicious site redirects the user to a Discord server The FiveM is the mod project that allows gamers to play Grand Theft Auto V (GTA5) with custom multiplayer modes on customized dedicated servers. Recently, CRIL identified a malicious site hxxps://cloud-spooferxyz, which redirects the user to a discord channel where the announcement is made by the Threat Actor (TA) for selling the spoofer to get unban from FiveM. Threat Actor Leveraging Discord Channel to Spread MalwareĬyble Research and Intelligence Labs (CRIL) has continuously monitored phishing campaigns that distribute different malware families such as stealer, proxyware, among others.
![Video investigator .rar](https://kumkoniak.com/31.jpg)