
How to check if new Discord malware is stealing your info

by Alan Bernal


Popular voice and text chat app Discord is reportedly being targeted by malware that attacks the service’s Windows application, potentially endangering users’ information.

First reported by BleepingComputer, the malware takes advantage of the fact that the Windows Discord app is mostly reliant on CSS, HTML, and JavaScript: it is able to infiltrate and modify the app’s core lines of code so that the program itself compromises data.

The malicious program is reportedly called “Spidey Bot” or “BlueFace,” and was discovered by the MalwareHunterTeam. While it is uncertain when the malware first appeared, it has been known to steal data including the first 50 characters of the Windows clipboard, the local IP address, the Discord user token, and more.


Check if Discord was infected by malware

Luckily, there’s an easy way to check if the malware was able to creep onto your Windows Discord app since the targeted files should only have one line of code in them.

To check if your version of Discord has been infected with the malware, open up %AppData%\Discord\[version]\modules\discord_modules\index.js in Notepad2.

If the file contains only one line of code that says “module.exports = require('./discord_modules.node');” then that file hasn’t been compromised by the malware.

Courtesy of BleepingComputer
What the file should look like when opened in Notepad2.

After that, do the same with the file called %AppData%\Discord\[version]\modules\discord_desktop_core\index.js, which should again only contain one line saying: "module.exports = require('./core.asar');"

However, if you run the check and find multiple lines of code, those lines shouldn’t be there and the app has probably been infected.

Courtesy of BleepingComputer
What the files definitely shouldn't look like.

After identifying it, you should uninstall Discord from the computer and reinstall it, then run the check again, just in case.
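The two-file check described above can also be scripted. The Python below is an added example, not code from the original article or from BleepingComputer; it assumes every version folder is a subdirectory of %AppData%\Discord that contains a "modules" folder, and it flags any deviation from the quoted line for manual review.

```python
import os
import sys
from pathlib import Path

# Expected one-line contents of each index.js, as quoted in the article.
EXPECTED = {
    "discord_modules": "module.exports = require('./discord_modules.node');",
    "discord_desktop_core": "module.exports = require('./core.asar');",
}


def check_index(path, expected):
    """Return 'clean', 'modified' or 'missing' for one index.js file."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except FileNotFoundError:
        return "missing"
    # Ignore a UTF-8 BOM, surrounding whitespace and blank lines; any other
    # difference from the expected line is flagged for manual review.
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    return "clean" if lines == [expected] else "modified"


def scan_discord(root):
    """Check both files in every version folder under root -> {path: status}."""
    results = {}
    root = Path(root)
    if not root.is_dir():
        return results
    # Assumption: a version folder is any subdirectory that has a "modules" dir.
    for version_dir in sorted(p for p in root.iterdir() if (p / "modules").is_dir()):
        for module, expected in EXPECTED.items():
            target = version_dir / "modules" / module / "index.js"
            results[str(target)] = check_index(target, expected)
    return results


if __name__ == "__main__":
    # The Discord folder under %AppData% is the location given in the article.
    base = Path(os.environ.get("APPDATA", "")) / "Discord"
    found = scan_discord(base)
    if not found:
        print(f"No Discord version folders found under {base}")
    for file_path, status in found.items():
        print(f"{status:9} {file_path}")
    # Non-zero exit code when any file differs from the expected single line.
    sys.exit(1 if "modified" in found.values() else 0)
```

A "missing" result only means the file was not at the path the article names, so it says nothing either way about infection.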

How can a Discord user get the malware?

The backdoor program can be dangerous especially if left unchecked, but it looks like it has to be let in in order to do its damage.

Discord users should steer clear of messages from unfamiliar usernames and of random links thrown in a server, unless they know the links are safe or come from a trusted source.

“Unfortunately, there's not much any app can do to prevent something like this,” Discord said regarding the malware. “However, you should always be cautious about clicking strange links and even more suspicious of downloading unknown software from unverified sources. Doing so could lead to things like this.”