Utilizing Discord as a Possible Attack Vector

Hello everyone,
I’ve been recently working on a small proof-of-concept malware which takes Discord webhooks and turns them into a server for receiving sensitive information. The malware so far has multiple built-in plugins and was designed to be easy to add to; however, as of right now it’s able to decrypt all Chrome passwords, steal FileZilla logs, steal Discord tokens, and more. This isn’t meant to be used maliciously, more just to highlight a potential attack vector which Discord should possibly patch or monitor, because as of right now Discord has nothing in place when it comes to preventing the spread of malware, which can be seen by them not removing malware being hosted on their domain[1] and also by being able to send sensitive data (which can be matched by using regex) through a webhook.

Full Project Source Code: https://github.com/backslash/AngstStealer

Citations:
[1] https://twitter.com/malwrhunterteam/status/1289148607489245184

6 Likes
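For defenders, one way to surface the webhook channel described in the post above is to flag webhook POSTs made by processes that have no reason to talk to Discord. This is an added example, not part of the thread or of the linked project; the log format, the process allow-list and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Discord webhook endpoints: /api/webhooks/<numeric id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_RE = re.compile(
    r"https://(?:(?:canary|ptb)\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/(\d+)/([\w-]+)",
    re.IGNORECASE,
)

# Assumption: processes expected to talk to Discord on this network.
ALLOWED_PROCESSES = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample telemetry. Assumed format: timestamp host process method url bytes_out
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ws-014 chrome.exe GET https://discord.com/channels/@me 0
2024-05-01T10:00:07Z ws-014 updater.exe POST https://discord.com/api/webhooks/123456789012345678/EXAMPLE-token_abc 48211
2024-05-01T10:00:09Z ws-014 updater.exe POST https://discordapp.com/api/v10/webhooks/123456789012345678/EXAMPLE-token_abc 9034
2024-05-01T10:02:30Z ws-020 discord.exe POST https://discord.com/api/v9/channels/1/messages 310
2024-05-01T10:03:00Z build-01 python.exe POST https://discord.com/api/webhooks/999/CI-EXAMPLE 212
malformed line
"""

def find_webhook_egress(log_text, allowed=ALLOWED_PROCESSES):
    """Return {(host, process, webhook_id): total_bytes_out} for webhook POSTs
    made by processes outside the allow-list."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip lines that do not match the assumed format
        _ts, host, process, method, url, bytes_out = parts
        m = WEBHOOK_RE.match(url)
        if m and method == "POST" and process.lower() not in allowed:
            # Key on the webhook id only; the token is a credential and is not stored.
            hits[(host, process.lower(), m.group(1))] += int(bytes_out)
    return dict(hits)

def report(hits, byte_threshold=10_000):
    """Format findings, marking those above a volume threshold as high priority."""
    rows = []
    for (host, proc, wid), total in sorted(hits.items()):
        level = "HIGH" if total >= byte_threshold else "review"
        rows.append(f"{level}: {host} {proc} -> webhook {wid} ({total} bytes out)")
    return rows

if __name__ == "__main__":
    print("\n".join(report(find_webhook_egress(SAMPLE_LOG))))
```

Legitimate automation (CI notifications, monitoring bots) also posts to webhooks, so low-volume hits such as the `build-01` row are triaged against known integrations rather than blocked outright.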

Added new updates to the PoC malware: have added easier plugin integration and anti-VM, and have increased the speed and durability.

2 Likes

Very neat little tool. I’ve been interested in Discord (in)security for a while now and this is definitely something worth looking into. If I may give you a suggestion for a future update, I would add Linux compatibility to the to-do list.

It’s amazing how after all this time they still leave the token completely in plain text.