
Discord Server Manipulation | Image: Cyfirma
A new report from CYFIRMA reveals that cybercriminals are increasingly exploiting Discord, the popular communication and gaming platform, for malicious purposes. In the case described, the platform's bot API serves as the command-and-control channel for a recently discovered Python-based Remote Access Trojan (RAT).
Attackers are using Discord as a Command and Control (C2) server, which lets them execute arbitrary system commands, steal sensitive information, capture screenshots, and manipulate both the infected machine and the attacker's own Discord server. Because the traffic goes to a legitimate, widely used service over TLS, it blends in with normal user activity and is harder to spot at the network layer than a connection to an unknown host. According to the report, "The increasing use of Discord as a communication and gaming platform has also made it a target for cybercriminals."
The Python-based RAT utilizes a Discord bot with high-level permissions to perform a range of malicious activities. The bot is designed to read all messages and execute predefined commands, effectively giving the attacker control over compromised systems.
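One way to hunt for this C2 pattern on endpoints is to look for non-browser, non-Discord processes, and in particular script interpreters, talking to Discord's REST API and websocket gateway. The following is an added example written for this article, not code from CYFIRMA or from the RAT; the log records are constructed Sysmon-style network-connection events, and the rule that any interpreter process reaching the Discord gateway is high severity is an assumption suited to a managed corporate fleet, not a universal truth.

```python
"""Flag likely Discord C2 beacons in constructed endpoint network telemetry (added example)."""
import json
import re
from collections import defaultdict

# Hostnames a discord.py-style bot talks to: the REST API and the websocket gateway.
DISCORD_HOSTS = re.compile(r"(^|\.)(discord\.com|discordapp\.com|discord\.gg)$", re.I)

# Assumed allow-list: processes that legitimately contact Discord on a workstation.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "discord.exe"}
# Script interpreters: a Python RAT shows up as one of these, not as its .py file name.
INTERPRETERS = {"python.exe", "pythonw.exe", "python3", "python", "py.exe"}

# Constructed Sysmon Event ID 3 style records, one JSON object per line (raw string so
# the Windows path backslashes survive as valid JSON escapes).
SAMPLE_LOG = r"""
{"Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ProcessId": 1200, "DestinationHostname": "discord.com"}
{"Image": "C:\\Users\\victim\\AppData\\Local\\Programs\\Python\\pythonw.exe", "ProcessId": 4412, "DestinationHostname": "gateway.discord.gg"}
{"Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "ProcessId": 3100, "DestinationHostname": "outlook.office365.com"}
{"Image": "C:\\Users\\victim\\AppData\\Local\\Programs\\Python\\pythonw.exe", "ProcessId": 4412, "DestinationHostname": "discord.com"}
{"Image": "C:\\Users\\victim\\AppData\\Local\\Discord\\app-1.0.9\\Discord.exe", "ProcessId": 2210, "DestinationHostname": "gateway.discord.gg"}
{"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ProcessId": 5120, "DestinationHostname": "discord.com"}
"""


def parse_events(text):
    """Yield one dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def classify(event):
    """Return 'high', 'medium' or None for a single network-connection event."""
    if not DISCORD_HOSTS.search(event.get("DestinationHostname", "")):
        return None
    image = event["Image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image in BROWSERS:
        return None            # expected Discord client traffic
    if image in INTERPRETERS:
        return "high"          # scripted client on the bot gateway: matches the RAT profile
    return "medium"            # anything else (e.g. PowerShell hitting a webhook) deserves a look


def find_discord_c2(text):
    """Aggregate suspicious Discord connections per (image, pid) and return the findings."""
    findings = defaultdict(lambda: {"severity": "medium", "hosts": set(), "count": 0})
    for ev in parse_events(text):
        sev = classify(ev)
        if sev is None:
            continue
        f = findings[(ev["Image"], ev.get("ProcessId"))]
        f["count"] += 1
        f["hosts"].add(ev["DestinationHostname"])
        if sev == "high":
            f["severity"] = "high"
    return {k: {"severity": v["severity"], "hosts": sorted(v["hosts"]), "count": v["count"]}
            for k, v in findings.items()}


if __name__ == "__main__":
    for (image, pid), info in find_discord_c2(SAMPLE_LOG).items():
        print(f"[{info['severity']}] pid={pid} {image} -> {', '.join(info['hosts'])} ({info['count']} conns)")
```

On the constructed sample this yields one high-severity finding (pythonw.exe reaching both the gateway and the REST API) and one medium finding for PowerShell; the browser and the official Discord client are ignored. In practice the allow-list should be tuned per environment, and a gateway connection from an interpreter is the stronger signal, since ordinary scripts rarely hold a persistent websocket to Discord.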
Here’s a breakdown of the RAT’s capabilities:
- Credential Theft: The RAT can steal stored passwords from Google Chrome’s local database, giving attackers access to user credentials. As the report states, “One of the most concerning functions is its ability to steal stored passwords from Google Chrome’s local database.”
- Remote Command Execution: Attackers can execute any shell command on the victim’s machine. The output of these commands is then relayed back to the attacker via Discord, providing full system control.
- System Surveillance: The RAT can capture screenshots of the victim’s screen and send them through Discord. This enables continuous monitoring and espionage.
- Persistence Mechanisms: The bot is designed to automatically reconnect if its connection to Discord drops, ensuring uninterrupted access for the attacker. Note that what the report describes is session resilience (the C2 link re-establishes itself), not a host-level autorun mechanism, so removing the script or revoking the bot token still severs control.
- Discord Server Manipulation: The RAT can delete and recreate channels within the attacker-controlled Discord server. It automatically creates a new channel named after the victim's username and computer name, giving each compromised host its own identifiable channel, which is how one bot can manage several victims at once.
The report also notes that the script automatically redeploys the control panel whenever a new channel is created, ensuring that the attacker retains easy access to the RAT’s functionalities.
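Taken together, the capabilities above form a recognisable signature in source: a Discord bot client, message-content access, shell execution, the Chrome "Login Data" credential store, a screen grabber, host fingerprinting for channel names, channel creation, and an auto-reconnecting run loop. The scanner below is an added example written for this article and is not CYFIRMA's tooling or the RAT's code; the regex indicators are assumptions about how each capability is typically expressed with the discord.py library and common helper modules, and both sample inputs are constructed, deliberately non-functional fragments.

```python
"""Triage a Python source file for the Discord-RAT capability cluster (added example)."""
import re

# Assumed indicators per capability. Each pattern is a heuristic, not a signature of one sample.
INDICATORS = {
    "c2_bot":               r"discord\.Client\(|commands\.Bot\(|from discord\.ext",
    "reads_all_messages":   r"message_content\s*=\s*True|def on_message",
    "shell_exec":           r"shell\s*=\s*True|os\.system\(|os\.popen\(",
    "chrome_creds":         r"Login Data|os_crypt|CryptUnprotectData",
    "screenshot":           r"ImageGrab\.grab|pyautogui\.screenshot|mss\.mss",
    "host_fingerprint":     r"getpass\.getuser|platform\.node|socket\.gethostname|os\.getlogin",
    "channel_manipulation": r"create_text_channel|channel\.delete\(",
    "persistence":          r"reconnect\s*=\s*True",
}
COMPILED = {name: re.compile(pat) for name, pat in INDICATORS.items()}

# Constructed fragment: indicator tokens only, stitched together so the scanner has
# something to hit. It is not a working bot and is missing all of the glue code.
SUSPECT_FRAGMENT = '''
import discord, subprocess, getpass, platform
from PIL import ImageGrab
intents.message_content = True
client = discord.Client(intents=intents)
DB = "Login Data"   # Chrome credential store
ImageGrab.grab()
subprocess.run(cmd, shell=True)
guild.create_text_channel(f"{getpass.getuser()}-{platform.node()}")
client.run(token, reconnect=True)
'''

# Constructed benign bot: it also reads message content, which alone is not malicious.
BENIGN_BOT = '''
import discord
intents = discord.Intents.default()
intents.message_content = True
client = discord.Client(intents=intents)

@client.event
async def on_message(message):
    if message.content == "!ping":
        await message.channel.send("pong")

client.run(TOKEN)
'''


def scan_source(src):
    """Return the matched capability categories, a score, and a coarse verdict."""
    hits = sorted(name for name, rx in COMPILED.items() if rx.search(src))
    score = len(hits)
    if "c2_bot" not in hits:
        verdict = "clean"                 # no Discord client at all
    elif score >= 4:
        verdict = "likely_rat"            # bot plus at least three RAT capabilities
    else:
        verdict = "discord_bot_review"    # a bot, but nothing beyond ordinary bot behaviour
    return {"categories": hits, "score": score, "verdict": verdict}


if __name__ == "__main__":
    for label, src in (("suspect", SUSPECT_FRAGMENT), ("benign", BENIGN_BOT)):
        r = scan_source(src)
        print(f"{label}: {r['verdict']} (score {r['score']}): {', '.join(r['categories'])}")
```

The threshold matters: a legitimate moderation bot will legitimately create channels and read every message, so a single indicator should never page anyone. The combination that the report describes, and that this scanner keys on, is a bot that also runs shell commands, touches the browser credential database, and grabs the screen.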
This research underscores the adaptability of cybercriminals and their willingness to abuse legitimate platforms. Routing C2 through Discord's API gives the attacker free, reliable infrastructure hidden inside traffic most organisations already allow, which makes it a significant threat to both individual users and organizations. Defenders should treat an interpreter or unknown process holding a session to Discord's gateway as worth investigating, and Discord bot tokens found in scripts on endpoints as credentials to be revoked.