How to check if new Discord malware is stealing your info - Dexerto
General

How to check if new Discord malware is stealing your info

Published: 25/Oct/2019 1:16 Updated: 25/Oct/2019 2:03

by Alan Bernal

Share


Popular voice and text chat app Discord is reportedly being targeted by a malware through the Windows application for the service – potentially endangering users’ information.

First reported by BleepingComputer, since the Windows Discord app is mostly reliant on CSS, HTML, and JavaScript, the malware is able to infiltrate and modify base lines of code that can cause the program to compromise data.

The malicious program is reportedly called “Spidey Bot” or “BlueFace,” and was discovered by the MalwareHunterTeam. While there’s uncertainty of when the malware first appeared, its been known to steal date including first 50 characters of Windows clipboard, local IP address, Discord user token, and more.

Check if Discord was infected by malware

Luckily, there’s an easy way to check if the malware was able to creep onto your Windows Discord app since the targeted files should only have one line of code in them.

To check if your version of Discord has been infected with the malware, open up %AppData%\Discord\[version]\modules\discord_modules\index.js in Notepad2.

If the file only reads one line of code that says “module.exports = require(‘./discord_modules.node’);” then that hasn’t been compromised by the malware.

Courtesy of BleepingComputerWhat the program should look like after running the code in Notepad2.

After that, do the same with the file called %AppData%\Discord\[version]\modules\discord_desktop_core\index.js, which should again only contain one line saying: “module.exports = require(‘./core.asar’);”

However, if you run the check and find multiple lines of code, then those shouldn’t be there and it’s probably been infected.

Courtesy of BleepingComputerWhat the files definitely shouldn’t look like.

After identifying it, you should uninstall Discord from the computer and reinstall it, then run the check again, just in case.

How can a Discord user get the malware?

The backdoor program can be dangerous especially if left unchecked, but it looks like it has to be let in in order to do its damage.

Discord users should steer clear from messages from unfamiliar usernames, or those random links thrown in a server unless you know they’re safe or come from a trusted source.

“Unfortunately, there’s not much any app can do to prevent something like this,” Discord said in regards to the malware. “However, you should always be cautious about clicking strange links and even more suspicious of downloading unknown software from unverified sources. Doing so could lead to things like this.”

General

Police hunt for suspect after hoax hostage situation at Ubisoft Montreal

Published: 13/Nov/2020 19:45 Updated: 14/Nov/2020 0:37

by Theo Salaun

Share


Reports indicate that there is an ongoing hostage situation involving dozens of people at Ubisoft Montreal’s headquarters in the Mile-End neighborhood of Montreal, Quebec. There have been no confirmed injuries.

Update (7:35 p.m. ET): Ubisoft Montreal have released a statement regarding the hostage situation. “We are extremely relieved this was resolved without incident and we’d like to thank you all for your support and kind words.”

No injuries were reported at the offices. Montreal Police are launching a full investigation into the call.

Update (5:04 p.m. ET): All of the Ubisoft Montreal’s building occupants are being safely evacuated by Montreal’s police force and the police have joined local news in suggesting that the situation was, in fact, a hoax perpetrated by a call within the Ubisoft headquarters. No suspect has been identified or apprehended at this point, but the SPVM are actively investigating.

Update (4:04 p.m. ET): While local news outlets are reporting that the hostage situation was a hoax, Montreal’s police force have indeed confirmed that there appears to be no active threat and that the building’s occupants are being evacuated.

Update (3:33 p.m. ET): Little is known about the police force’s ongoing activity in attempts to enter the building, but CTV News reports that Ubisoft’s employees have been told, via company memo, to “hide in an area that locks and to keep quiet.”

Update (3:00 p.m. ET): Heavily armed Montreal police tactical units are approaching the building and preparing to make entry. Dozens of employees remain on roof and no injuries or negotiations with the suspects have been reported thus far.

Update (November 13, 2020 at 2:49 p.m. ET): Police appear to have barricaded off the daycare at Ubisoft Montreal’s headquarters, at least 50 employees have barricaded themselves atop the building’s roof, and tactical police units have blocked off surrounding streets and appear to be preparing to make entry. Current reports indicate that there have been no injuries thus far, according to local news on the scene.

With numerous reports and tweets from local news and Ubisoft Montreal employees, respectively, it appears that a hostage situation is unfolding at the company’s headquarters but that all employees are safe. 

In the afternoon, it was reported by Quebec’s TVA Nouvelles that dozens of hostages were being held at Ubisoft Montreal’s building on Saint Laurent Boulevard. This ongoing situation was echoed by Montreal’s police department, who put out public announcements to avoid the area due to the police’s efforts there.

Shortly after, numerous employees, including Programming Project Lead Gavin Young and a Production Marketer for Assassin’s Creed: Valhalla, tweeted that they were indeed safe and sound despite what was happening in the building.

Although ‘Valskuiken’ tweeted that they would be going home, it appears that a large conglomerate of employees have made their ways to the building’s roof and have barricaded themselves up there by blocking off the door to the exterior.

Further, reports from TVA Nouvelles indicate that a ransom request has been made by the suspects, but it is unclear what has come of it as police continue to operate in the vicinity.

At present, it appears that numerous employees are safe but it is unclear what is precisely happening with the situation given the multi-floor building’s space and large occupancy. At least 50 employees have made it to the roof, wherereports show they are holding up safely. However, in anticipation of the police force making entry into the building, it seems that ambulances and a tactical police force are arriving to the scene.

As reports indicate, the tactical forces approaching the building include numerous police officers, tactical police units, and heavier vehicles. There have been no indications of injuries thus far, so it appears that the ambulances are predominantly a precautionary measure.

We will be continuing to update this page with updates as they come in and as the Montreal police force and local news provide information to the public about the current circumstances.