Discord is one of the most popular social media platforms, used by gamers for all-in-one voice and text chat.
The information collected and sent to the attacker includes the Discord user token, the victim’s timezone, the victim’s local IP address, the victim’s public IP address via WebRTC, and user information such as username, email, phone number and more. All this information could allow the attacker to steal passwords, personal information or any other personal and sensitive data copied by the user. The Discord malware then executes the fightdio() function, which acts as a backdoor. This function connects to a remote site to receive extra commands. These commands allow the attacker to perform malicious activity such as stealing payment information, executing commands, or potentially installing further malware.
Discord, however, has certain methods of alerting its users to malware threats. Update 10/24/19: Added sections on checking specified JS files for modifications and how Discord can monitor these modifications. Update 10/24/19: Added information that the C2 is dead, that the name of this infection may be BlueFace, and that the malware has been discontinued.
Use NPAV and stay protected from all malware attacks.