Title: PSA. Discord users beware!!!! Post by: d57heinz on October 28, 2019, 01:27:16 AM if you missed in the past few days. I know of lot of this forum moved to discord. Be Careful
https://qr.ae/TWHxAd https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/?utm_source=quora&utm_medium=referral BR Doug Title: Re: PSA. Discord users beware!!!! Post by: thefix on October 28, 2019, 11:19:04 PM if you missed in the past few days. I know of lot of this forum moved to discord. Be Careful https://qr.ae/TWHxAd https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/?utm_source=quora&utm_medium=referral BR Doug Thanks for the info, it looks like its mainly associated with the app and not the web browser version. I will dig around more but so far it looks like people need to take some steps to uninstall the app and check locations mentioned in the article. Title: Re: PSA. Discord users beware!!!! Post by: leowonderful on October 29, 2019, 01:35:01 AM I actually initially thought this sort of malware was transferred through communicating through the actual Spidey Bot on Discord, but I'm glad that's not the case and I assume it spreads via normal vectors other viruses typically take with Windows. Still checked my Discord files either way and they seem to be fine, but if you don't have time to read the entire article, here's how you can know if you've been infected or not:
To check the %AppData%\Discord\[version]\modules\discord_modules\index.js simply open it in Notepad and it should only contain the single line of "module.exports = require('./discord_modules.node');" as shown below. For the %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file, it should only contain the "module.exports = require('./core.asar');" string as shown below. [version] is the numbered file inside Discord, something like 0.0.305 or something of the sort. |