The scammer "gave themselves" the mod role by overtaking a mod account with social engineering + JS malware injection in a bookmark, posing as someone in DMs who had a coding question about their project
Once the malware is bookmarked in the local browser, the script grabs that person's Discord credentials cookie from the browser, and then sends the information back
Then the scammer ran more bots to change roles and channels within 2 minutes, and made what looked like official posts within the next 3 minutes, while we worked to triangulate the issue
LoRez
bitpixi
bitpixi
bitpixi