Discord 'Spidey Bot' Malware Is Stealing Usernames, Passwords | Tom's Guide


Shared From Dlike

Oops. Microsoft has done it again.

Microsoft is a giant corporation which was founded in 1975. They have been developing Windows since 1985. That's 34 years now.

You should expect that a multinational corporation which develops the same OS for over 3 decades would have got the security part right by now. 

If you bet on that, you'd lose your money. At this point, I'm ready to assume that Microsoft won't ever nail the security aspects of an OS. If you want to be safer, avoid Microsoft and Windows and use Linux. Linux has better security, but it is not 100% safe either. However, most viruses and malware target Windows, so if you have Linux, you are a smaller target.

A new malware is targeting Discord users by modifying the Windows Discord client so that it is transformed into a backdoor and an information-stealing Trojan.

The Windows Discord client is an Electron application, which means that almost all of its functionality is derived from HTML, CSS, and JavaScript. This allows malware to modify its core files so that the client executes malicious behavior on startup.

The Spidey Bot Malware collects the following information:

- Discord user token;

- Victim timezone;

- Screen resolution;

- Victim's local IP address;

- Victim's public IP address via WebRTC;

- User information such as username, email address, phone number, and more;

- Whether they have stored payment information;

- Zoom factor;

- Browser user agent;

- Discord version;

- The first 50 characters of the victim's Windows clipboard.

The contents of the clipboard are especially concerning, as they could allow the attacker to steal passwords, personal information, or other sensitive data that was copied by the user.

After sending all this data to the attacker, the malware executes another function, which acts as a backdoor: it connects to a remote site to receive an extra command to execute. With this access, the attacker can do things like stealing payment information, executing commands on the computer, or installing further malware.

> If the installer is detected and removed, the modified Discord files will still remain infected and continue to be executed each time you start the client. The only way to clean the infection will be to uninstall the Discord app and reinstall it so that the modified files are removed.

Read the article to see how you can check if your Discord program has been hijacked by this malware. If it is, you need to delete it completely and reinstall it. Removing the malware is not enough; it will reinstall itself when you open Discord again.

Stay safe out there.

