Hackers Using Discord to Steal Your Information With Malware

Researchers found that hackers are injecting malware into Discord to steal your information. The Windows Discord application is built on HTML, CSS, and JavaScript, which allows malware to modify the client's core files so that it executes malicious code on startup.

 

This Discord malware is targeting data that can be obtained from the chatting platform itself:

  • details about the Discord version used;
  • the browser user agent;
  • the first 50 characters of the victim's Windows clipboard;
  • zoom factor;
  • stored payment information;
  • username;
  • email address;
  • phone number;
  • a public IP address;
  • a local IP address;
  • screen resolution;
  • timezone;
  • Discord user token.

 

How to check if you are infected

Checking if your Discord client has been modified is very easy as the targeted files normally have only one line of code in them.

To check the %AppData%\Discord\[version]\modules\discord_modules\index.js file, simply open it in Notepad. It should contain only the single line "module.exports = require('./discord_modules.node');" as shown below.

Normal discord_modules\index.js file

For the %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file, it should contain only the "module.exports = require('./core.asar');" string as shown below.

Normal discord_desktop_core\index.js file

If either of the two files contains code other than what is shown above, then you should uninstall and reinstall the Discord client and confirm the modifications are removed.

It is important to remember, though, that other malware can just as easily modify other JavaScript files used by the Discord client, so these instructions apply only to this particular malware.
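
The same check can be scripted instead of opening each file in Notepad. The PowerShell below is an added example, not part of the original article: it compares both index.js files in every version folder against the single lines quoted above. The function name Test-DiscordLoaderFiles is hypothetical, and the script assumes the folder layout given in the article.

```powershell
# Added example (not from the original article): checks the two loader files
# named above against the single line each one should contain.
$Expected = @{
    'discord_modules'      = "module.exports = require('./discord_modules.node');"
    'discord_desktop_core' = "module.exports = require('./core.asar');"
}

function Test-DiscordLoaderFiles {   # hypothetical helper name
    param([string]$Root = (Join-Path $env:APPDATA 'Discord'))

    if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
        Write-Warning "Discord folder not found: $Root"
        return
    }
    # [version] in the article's path is a per-release folder, so check them all.
    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        foreach ($module in $Expected.Keys) {
            $file = Join-Path $dir.FullName "modules\$module\index.js"
            if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }

            # -Raw reads the whole file; [string] turns an empty file into ''.
            $text = ([string](Get-Content -LiteralPath $file -Raw)).Trim()
            [pscustomobject]@{
                File   = $file
                # Case-sensitive exact match after trimming surrounding whitespace.
                Status = if ($text -ceq $Expected[$module]) { 'OK' } else { 'MODIFIED' }
                Bytes  = (Get-Item -LiteralPath $file).Length
                SHA256 = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            }
        }
    }
}

$results = @(Test-DiscordLoaderFiles)
$results | Format-List
if ($results.Status -contains 'MODIFIED') {
    Write-Warning 'At least one loader file differs from the expected single line.'
}
```

A MODIFIED result means the file should be opened and inspected before reinstalling; the size and SHA256 columns give a record of what was on disk at the time of the check.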

More details can be found at BleepingComputer.
