Discord Turned Into an Info-Stealing Backdoor by New Malware


Discord Turned Into an Info-Stealing Backdoor by New Malware (Oct 23, 2019)

Discord users are being targeted by a new Trojan that MalwareHunterTeam researchers have called “Spidey Bot”. This malware modifies the Windows Discord client so that it can act as a backdoor and steal information such as user email address, IP address, payment information, phone number, timezone, Windows Clipboard, and username. The Windows Discord client is built on Electron, a framework that uses JavaScript, which enables the malware to modify the client's core files and so execute malicious behaviour on startup. Researchers believed that the malware might be delivered through Discord chats, disguised as cheats for games such as Roblox. Victims have to uninstall and reinstall the Discord app to remove the modified core files.

Recommendation: Users can check their Discord AppData file; the index JavaScript file should contain only one line, “module.exports = require(“”)”. If there are multiple lines of code, Discord is infected.
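The check in the recommendation can be scripted. The following is an added example, not code from the original report or from Discord: it takes the path of each index JavaScript file to inspect as an argument (the page does not give the exact location, so none is assumed) and reports any file that is not a single `module.exports = require(...)` statement. The function names are hypothetical, and the value inside `require()` is not checked because the page does not state it.

```python
import re
import sys
from pathlib import Path

# One statement only: module.exports = require(<one string literal>) with an
# optional trailing semicolon. Anything appended on the same line fails too.
CLEAN_LOADER = re.compile(r"""module\.exports\s*=\s*require\(\s*(['"])[^'"]*\1\s*\)\s*;?""")


def code_lines(text):
    """Return the non-blank lines of a file, stripped of surrounding whitespace."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def is_clean_index(text):
    """True only if the file is exactly one module.exports = require(...) line."""
    lines = code_lines(text)
    return len(lines) == 1 and CLEAN_LOADER.fullmatch(lines[0]) is not None


def check_file(path):
    """Read one index file (tolerating a UTF-8 BOM) and apply the one-line check."""
    text = Path(path).read_bytes().decode("utf-8-sig", errors="replace")
    return is_clean_index(text)


def find_modified(paths):
    """Return (path, line_count) for every file that fails the check."""
    modified = []
    for path in paths:
        if not check_file(path):
            text = Path(path).read_bytes().decode("utf-8-sig", errors="replace")
            modified.append((str(path), len(code_lines(text))))
    return modified


if __name__ == "__main__":
    # Usage: python check_discord_index.py <path-to-index.js> [more paths...]
    findings = find_modified(sys.argv[1:])
    for path, count in findings:
        print(f"MODIFIED: {path} has {count} line(s) of code; reinstall Discord")
    sys.exit(1 if findings else 0)
```

A non-zero exit status means at least one file failed the check, which makes the script usable from a scheduled task or an endpoint management tool.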

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.