Patrick Domingues

Researchers found that Hackers are injecting malware into Discord to steal your information. The Windows Discord application functionality is based on HTML, CSS, and JavaScript. This allows malware to modify its core files so that the client executes malicious behavior on startup.

This Discord malware is targeting data that can be obtained from the chatting platform itself:

• details about the Discord version used;
• the browser user agent;
• first 50 characters out of the victims’ Windows clipboard;
• zoom factor;
• stored payment information;
• username;
• email address;
• phone number;
• a public IP address;
• a local IP address;
• screen resolution;
• timezone;
• Discord user token.

How to check if you are infected

Checking if your Discord client has been modified is very easy as the targeted files normally have only one line of code in them.

To check the %AppData%\Discord\[version]\modules\discord_modules\index.js simply open it in Notepad and it should only contain the single line of “module.exports = require(‘./discord_modules.node’);” as shown below.

For the %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file, it should only contain the “module.exports = require(‘./core.asar’);” string as shown below.

If either of the two files contain code other than what is shown above, then you should uninstall and reinstall the Discord client and confirm the modifications are removed.

It is important to remember, though, that other malware can just as easily modify other JavaScript files used by the Discord client so these instructions are only for this particular malware.

More details can be found at bleepingcomputer

• Automating System Updates with Unattended-Upgrades on Ubuntu
• How to Add a Large Disk Partition as Storage in Proxmox VE
• How to Remove Radmin Viewer with PowerShell
• How to Automate Ubuntu Server System Updates and Package Installation
• Introducing Zevonix: Your Pathway to Smarter IT

Patrick Domingues

See Full Bio