Discord is an extremely popular voice communicator, especially among gamers. Its undoubted advantages are free multi-person chat rooms and the option of using only the web version of the application. Many people nevertheless choose the slightly more convenient desktop client, which is currently under massive attack from cybercriminals.

New malware called Spidey Bot (or Blue Face) modifies the Discord Windows client so that it becomes a backdoor and an information-stealing Trojan. Discord for Windows is an application built on the Electron framework, which is based on HTML, CSS and JavaScript. This is what allows the malware to modify the client's files so that the client executes malicious code at launch.

After the user downloads and runs a file named Blueface Reward Claimer.exe or Synapse X.exe, the malware adds its malicious JavaScript code to the files %AppData%\Discord\(version)\modules\discord_modules\index.js and %AppData%\Discord\(version)\modules\discord_desktop_core\index.js. The malware then automatically stops the Discord process and restarts the application so that the code changes take effect.

Once launched, the infected client executes Discord API commands and various JavaScript functions to collect user information, which is then sent to the attacker through a Discord webhook. The information includes the first 50 characters stored at that moment in the Windows clipboard, the victim's IP address, payment details (if stored in Discord), the Discord user token, nickname, email address, phone number and more.

After sending the information, the malware runs the fightdio() function, which acts as a backdoor. It establishes a connection to a remote site, which allows the cybercriminal to perform other potentially harmful activities, including executing commands on the victim's computer and remotely installing other types of malware.

Security experts believe that the malware is mainly spread via Discord. Interestingly, even after anti-virus software detects and deletes the .exe files, the modified Discord files remain infected. Uninstalling Discord is the only way to fix the situation.

How to check if Discord is infected?

First, go to %AppData%\Discord\(version)\modules\discord_modules and open the index.js file with Notepad. This file should contain only a single line of code: module.exports = require('./discord_modules.node');

Then go to %AppData%\Discord\(version)\modules\discord_desktop_core and check the contents of the index.js file there. It should contain only the single line module.exports = require('./core.asar');

If the contents differ or there are additional lines, uninstall Discord and reinstall it. You can download the latest version of the program via our file base.
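The two checks above can also be scripted. The following is an added example, not code from the original article or from Discord; it assumes Python is available, takes the expected lines and folder layout from the text above, and ignores whitespace differences. The function names are hypothetical.

```python
import os
import re
import sys
from pathlib import Path

# Expected single-line contents of each index.js, as given in the article.
EXPECTED = {
    "discord_modules": "module.exports = require('./discord_modules.node');",
    "discord_desktop_core": "module.exports = require('./core.asar');",
}


def _squash(text):
    """Remove all whitespace so that spacing differences are ignored."""
    return re.sub(r"\s+", "", text)


def check_index_js(path, expected):
    """Return (clean, unexpected_lines) for one index.js file."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    want = _squash(expected)
    # Clean means exactly one non-blank line, and it is the expected one.
    clean = len(lines) == 1 and _squash(lines[0]) == want
    unexpected = [] if clean else [ln for ln in lines if _squash(ln) != want]
    return clean, unexpected


def scan_discord(root):
    """Check both index.js files in every version folder under root."""
    results = {}
    for module, expected in EXPECTED.items():
        for path in sorted(Path(root).glob(f"*/modules/{module}/index.js")):
            results[str(path)] = check_index_js(path, expected)
    return results


if __name__ == "__main__":
    # Defaults to %AppData%\Discord; another folder may be given as argument.
    default = os.path.join(os.environ.get("APPDATA", ""), "Discord")
    root = sys.argv[1] if len(sys.argv) > 1 else default
    for path, (clean, unexpected) in scan_discord(root).items():
        print("OK      " if clean else "MODIFIED", path)
        for ln in unexpected:
            print("    unexpected:", ln[:120])
```

Any file reported as MODIFIED should be handled as described above: uninstall Discord and reinstall it.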

Source: Bleeping Computer