PSA. Discord users beware!!!!

[d57heinz]

if you missed in the past few days.  I know of lot of this forum moved to discord.  Be Careful

https://qr.ae/TWHxAd

https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/?utm_source=quora&utm_medium=referral


BR
Doug

[thefix]

if you missed in the past few days.  I know of lot of this forum moved to discord.  Be Careful

https://qr.ae/TWHxAd

https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/?utm_source=quora&utm_medium=referral


BR
Doug

Thanks for the info, it looks like its mainly associated with the app and not the web browser version. I will dig around more but so far it looks like people need to take some steps to uninstall the app and check locations mentioned in the article.

[leowonderful]

I actually initially thought this sort of malware was transferred through communicating through the actual Spidey Bot on Discord, but I'm glad that's not the case and I assume it spreads via normal vectors other viruses typically take with Windows. Still checked my Discord files either way and they seem to be fine, but if you don't have time to read the entire article, here's how you can know if you've been infected or not:

To check the %AppData%\Discord\[version]\modules\discord_modules\index.js simply open it in Notepad and it should only contain the single line of "module.exports = require('./discord_modules.node');" as shown below.

For the %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file, it should only contain the "module.exports = require('./core.asar');" string as shown below.

[version] is the numbered file inside Discord, something like 0.0.305 or something of the sort.