Personal Privacy

New Malware Turns Discord Into a Data-Stealing Backdoor

The Infinite Brief
A new malware is targeting Discord users by modifying the Windows Discord client so that it is transformed into a backdoor and an information-stealing Trojan.

This malware is called “Spidey Bot” based on the name of the Discord command and control channel that the malware communicated with.

When installed, the malware will add its own malicious JavaScript to the %AppData%\Discord\[version]\modules\discord_modules\index.js and %AppData%\Discord\[version]\modules\discord_desktop_core\index.js files.

Once started, the JavaScript will execute various Discord API commands and JavaScript functions to collect a variety of information about the user that is then sent via a Discord webhook to the attacker.

Curated via Bleeping Computer

Leave a Response