New malware is attacking Discord users by modifying its files so that it transformed into a backdoor and acts as information-stealing Trojan. It targets the Windows Discord client, which is an Electron application. That is all its functionality is derived from CSS, HTML, and JavaScript. After which it modifies the core files to executes its malicious process.
The malware is called Spidey Bot
Spidey Bot was discovered by researcher MalwareHunterTeam earlier this month. It adds the following malicious JavaScript to the client files –
- %AppData%\Discord\[version]\modules\discord_modules\index.js
- %AppData%\Discord\[version]\modules\discord_desktop_core\index.js files.
After this, the malware will terminate and force your Discord app to restart for the new changes to be executed. Once restarted, the edited JavaScript function collects a variety of information about the users, which is then sent to the attacker via a Discord webhook.
What information is being stolen from you?
The malware sent back a lot of information, most importantly:
- Discord user token
- The victim’s local IP address
- Victim’s public IP address via WebRTC
- User information such as username, email address, phone number, and more
- Whether they have stored payment information
- The first 50 characters of the victim’s Windows clipboard
The contents of the clipboard are very dangerous as it usually contains the user’s passwords or any other sensitive information. After all this, the malware executes the fightdio() function, which acts as a backdoor. Now the attacker can install more malware on your device and steal any payment-related information.
How to stay safe from malware?
Many researchers have analyzed the malware, but they aren’t a hundred percent sure how the malware is being spread. It might be using Discord messaging or any other method. Users can’t detect the malware unless they perform network sniffing, which most people don’t.
However, uninstalling the installer isn’t enough, as the modified Discord files will restart the whole process again. Users need to uninstall the Discord app and then reinstall it to stay safe.
