New malware that targets Discord on Windows turns the client into a backdoor and Trojan

Written 7 months ago by IanDorfman

Anyone who uses Discord on Windows and receives suspicious, unprompted messages from other users should avoid clicking on them to steer clear of the latest malware making the rounds. Also make sure that your Discord install is up to date.

Called "Spidey Bot," the malware nests itself in modified JavaScript in the following locations on infected computers:

%AppData%\Discord[version]\modules\discord_modules\index.js
%AppData%\Discord[version]\modules\discord_desktop_core\index.js

The malware collects the following information and sends it to the attacker:

Discord user token
Victim timezone
Screen resolution
Victim's local IP address
Victim's public IP address via WebRTC
User information such as username, email address, phone number, and more
Whether they have stored payment information
Zoom factor
Browser user agent
Discord version
The first 50 characters of the victim's Windows clipboard

All of that information, especially the first 50 characters of a person's clipboard, definitely makes this a dangerous piece of malware. And after the information is sent to the attacker, a backdoor is implemented so the attacker can attempt to steal more data from the infected installation in the future.
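
A defender-side check for the two index.js locations listed earlier, as an added example that is not from this article or from Discord: it hashes each file and flags any that hold more code than a short loader stub. The glob pattern, both thresholds and the premise that a stock index.js is only a line or two long are assumptions; confirm them against a clean install of your Discord version and pass its hashes as `known_good`.

```python
import hashlib
import os
from pathlib import Path

# The two relative paths come from the article; the thresholds are assumptions.
TARGETS = ("modules/discord_modules/index.js",
           "modules/discord_desktop_core/index.js")
MAX_CODE_LINES = 3   # assumption: a stock loader stub is only a line or two
MAX_BYTES = 512      # assumption: catches code minified onto one long line


def find_targets(appdata):
    """Return every copy of the two index.js files under Discord* folders."""
    root = Path(appdata)
    hits = set()
    for rel in TARGETS:
        # '**' also matches zero directories, so the version folder may be
        # fused with the name (as the paths are printed) or nested below it.
        hits.update(root.glob(f"[Dd]iscord*/**/{rel}"))
    return sorted(hits)


def audit(appdata, known_good=frozenset()):
    """Return (path, sha256, code_lines, verdict) for each file found."""
    rows = []
    for path in find_targets(appdata):
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        text = data.decode("utf-8", errors="replace")
        # Count lines that are neither blank nor '//' comments.
        code = [ln for ln in text.splitlines()
                if ln.strip() and not ln.strip().startswith("//")]
        if digest in known_good:
            verdict = "ok (matches clean-install hash)"
        elif len(code) > MAX_CODE_LINES or len(data) > MAX_BYTES:
            verdict = "SUSPECT (larger than a loader stub)"
        else:
            verdict = "review (short, but hash not in baseline)"
        rows.append((str(path), digest, len(code), verdict))
    return rows


if __name__ == "__main__":
    for path, digest, n, verdict in audit(os.environ.get("APPDATA", ".")):
        print(f"{verdict}\n  {path}\n  sha256={digest} code_lines={n}")
```

A "SUSPECT" result means the file should be compared by hand with a clean copy; reinstalling Discord replaces both files.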

As of a few hours before the publication of this story, Discord has not addressed the malware, according to a tweet by the group that discovered it. So for now, make sure to only download applications you know and trust, and do not click on any unprompted messages with links.

Further coverage:
BleepingComputer