The malware is called Spidey Bot
- %AppData%\Discord\[version]\modules\discord_desktop_core\index.js files.
What information is being stolen from you?
The malware sends back a lot of information, most importantly:
- Discord user token
- The victim’s local IP address
- Victim’s public IP address via WebRTC
- User information such as username, email address, phone number, and more
- Whether they have stored payment information
- The first 50 characters of the victim’s Windows clipboard
The clipboard contents are especially dangerous to lose, as they usually contain the user’s passwords or other sensitive information. After all this, the malware executes the fightdio() function, which acts as a backdoor. The attacker can then install more malware on your device and steal any payment-related information.
How to stay safe from malware?
Many researchers have analyzed the malware, but they aren’t a hundred percent sure how it is being spread. It might be using Discord messaging or some other method. Users can’t detect the malware unless they perform network sniffing, which most people don’t.
Uninstalling the installer isn’t enough, however, because the modified Discord files will start the whole process again. Users need to uninstall the Discord app and then reinstall it to stay safe.
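Because the infection persists in the modified discord_desktop_core\index.js file named above, that file can also be inspected directly. The script below is an added example, not part of the original article or any Discord tooling; it assumes that a stock index.js contains only a single `module.exports = require('./core.asar');` loader line, which should be confirmed against a clean install of the same Discord version.

```python
import os
import re
from pathlib import Path

# Assumption (not from the article): a clean discord_desktop_core/index.js is
# this one-line loader. Verify against a fresh install before relying on it.
EXPECTED_LOADER = re.compile(
    r"""^\s*module\.exports\s*=\s*require\(\s*['"]\./core\.asar['"]\s*\)\s*;?\s*$"""
)


def is_stock_loader(text: str) -> bool:
    """True only if the file holds the single expected loader statement."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return len(lines) == 1 and EXPECTED_LOADER.match(lines[0]) is not None


def scan_discord(appdata: Path) -> list[tuple[Path, str]]:
    """Return (path, reason) for every index.js that is not the stock loader."""
    findings = []
    # Mirrors %AppData%\Discord\[version]\modules\discord_desktop_core\index.js
    pattern = "Discord/*/modules/discord_desktop_core/index.js"
    for index_js in sorted(appdata.glob(pattern)):
        try:
            text = index_js.read_text(encoding="utf-8", errors="replace")
        except OSError as exc:
            findings.append((index_js, f"unreadable: {exc}"))
            continue
        if not is_stock_loader(text):
            count = len([ln for ln in text.splitlines() if ln.strip()])
            findings.append((index_js, f"unexpected content ({count} non-empty lines)"))
    return findings


if __name__ == "__main__":
    root = os.environ.get("APPDATA")
    if not root:
        raise SystemExit("APPDATA is not set; run this inside the Windows profile to check")
    results = scan_discord(Path(root))
    for path, reason in results:
        print(f"SUSPECT {path}: {reason}")
    if not results:
        print("No modified discord_desktop_core/index.js found")
```

A flagged file is a reason to uninstall and reinstall Discord as described above, not proof of this particular malware.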