Several threat actors were seen abusing Discord, the freeware VoIP application, to modify the client to perform malicious activities. Malware targeting Discord are becoming more common these days.
New Discord malware - NitroHack
Recently, MalwareHunterTeam found a new Discord malware that can modify the Windows Discord client to turn it into an account-stealing Trojan.
- The malware called NitroHack is being distributed on Discord that can steal user tokens saved in various browsers.
- It tries to spread to other potential victims via direct messages that promote it as an offer to subscribe to the premium Discord Nitro service.
- To steal user tokens, NitroHack copies browser databases for Chrome, Discord, Opera, Yandex Browser, Brave, Vivaldi, and Chromium and scans them for Discord tokens. Once done, the malware posts the list of stolen tokens to a channel under the attacker’s control.
Discord modifying malware have become so effective that most people will not even know that they are under attack. Updated malware definitions may also often not detect such malware, as they perform various malicious activities, infect the client, and then do not run again.
- In May 2020, a new version of the AnarchyGrabber malware, AnarchyGrabber3 was seen modifying a Discord client to enable attackers to steal passwords and user tokens, disable 2FA and spread malware to a victim's friends on Discord.
- In October 2019, attackers abused the Discord chat service to use it for malware-hosting and distribution service and used Discord webhooks as stolen data drops.
- In the same month, attackers targeted Discord users by modifying the Windows Discord client to transform it into a backdoor and an information-stealing trojan.
To remove the NitroHack malware, remove the malware code from the index.js file, which can be done manually or by uninstalling the Discord client and installing it again. Users should source a good VPN and change their Discord privacy settings.