Utilizing Discord as a Possible Attack Vector

NotBackslash · August 6, 2020, 8:47pm

Hello everyone,
I’ve been recently working on a small proof of concept malware which takes Discord webhooks and turns them into a server for receiving sensitive information. The malware so far has multiple built in plugins and was designed to be easy to add to however as of right now its able to decrypt all chrome passwords, steal filezilla logs, steal discord tokens, and more. This isn’t meant to be maliciously used more just highlight a potential attack vector which Discord should possibly patch or monitor because as of right now Discord has nothing in place when it comes to preventing the spread of malware which can be seen by them not removing malware being hosted on there domain[1] and also by being able to send sensitive data (which can be matched by using regex) through a webhook.

Full Project Source Code: https://github.com/backslash/AngstStealer

Citations:
[1] https://twitter.com/malwrhunterteam/status/1289148607489245184

NotBackslash · August 20, 2020, 6:46am

added new updates to the POC malware, have added easier plugin integration, antivm, and have increased the speed and durability.

Baud · August 20, 2020, 4:39pm

Very neat little tool, I’ve been interested in Discord (in)security for a while now and this is definitely something worth looking into. If I may give you a suggestion for a future update I would add Linux compatibility to the to do list.

It’s amazing how after all this time they still leave the token completely in plain text.

Smile · September 21, 2020, 6:13pm

Discord is great for getting data from malware and can even be good at sending it, a few of my rats use discord bots to get commands to control the user

iii23 · September 23, 2020, 9:01pm

Pyinstaller isn’t working for me

system · December 6, 2020, 12:49pm

This topic was automatically closed after 121 days. New replies are no longer allowed.