“Saying ‘Discord malware’, I mean malware that will work from inside the installed Discord client (it writes .js files into the Discord AppData folder, which will be loaded by the Discord client)”, writes @malwrhunterteam.
During installation, Spidey Bot adds malicious JavaScript to the %AppData%\Discord\[version]\modules\discord_modules\index.js and %AppData%\Discord\[version]\modules\discord_desktop_core\index.js files. The malware then kills Discord and restarts it so that the modified files are loaded.
Once launched, the malicious JavaScript uses various Discord API calls and JavaScript functions to collect user information, which is then sent to the attacker through a Discord webhook. Among these data are:
After transmitting this information to its operators, the malware executes the fightdio() function, which acts as a backdoor: it connects to a remote site and waits for additional commands.
This allows the attacker to perform further malicious actions, including stealing payment information, executing commands on the victim's machine, and installing other malware.
Another well-known information-security expert, Vitaliy Kremez, also studied the new malware and reports that files with names such as Blueface Reward Claimer.exe and Synapse X.exe are used during infection. Although the researcher is not completely sure how Spidey Bot is distributed, he believes that the attackers spread it through ordinary Discord messages.
“Such attacks are dangerous because they show no external signs of compromise. Suspicious activity can only be detected by detecting strange API calls and webhooks. Even worse, defensive solutions so far detect this malware poorly”, say the analysts.
At the time of the report, according to VirusTotal, only 38 out of 68 antivirus products detected Spidey Bot.
Discord is a free instant messenger with support for VoIP and video conferencing, initially aimed at users of computer games.