This Discord malware is targeting data that can be obtained from the chatting platform itself:
- details about the Discord version used;
- the browser user agent;
- first 50 characters out of the victims’ Windows clipboard;
- zoom factor;
- stored payment information;
- email address;
- phone number;
- a public IP address;
- a local IP address;
- screen resolution;
- Discord user token.
How to check if you are infected
Checking if your Discord client has been modified is very easy as the targeted files normally have only one line of code in them.
To check the %AppData%\Discord\[version]\modules\discord_modules\index.js simply open it in Notepad and it should only contain the single line of “module.exports = require(‘./discord_modules.node’);” as shown below.
For the %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file, it should only contain the “module.exports = require(‘./core.asar’);” string as shown below.
If either of the two files contain code other than what is shown above, then you should uninstall and reinstall the Discord client and confirm the modifications are removed.
More details can be found at bleepingcomputer