If you like playing video games online then you are probably using an IM and VoIP application called Discord. Discord is very similar to the likes of Skype, but it’s mainly used by gamers to chat for free, although it can be used for business, education and more.
Discord was launched in 2015 with just text and audio communication (no video), but later added screen sharing (very important for those RPG sessions) and video calling, as well as Twitch (favorite streaming service for most gamers), Xbox Live and Spotify integrations.
By 2019, Discord grew from 25 million registered users to 250 million and from $5 million to $120 million in estimated revenue, according to the Business of Apps Discord Revenue and Usage Statistics (2020) report.
Unfortunately, if you are a Discord user, you already know that many things can ruin your gaming experience. Trolls, cheating players, Discord crashing in the middle of a gaming session…
There was even a false rumor circulating that Discord would be shutting down on 7th November, 2020. The message Discord users received said:
“Dear discord members, discord is supposed to close Nov 7, 2020 because it has become too populated…”
Of course, to the joy of millions of gamers out there, this was not true.
AnarchyGraber Discord Malware
However, all of the problems we just mentioned are nothing compared to a Discord virus that surfaced at the end of May this year.
First reported by Bleeping Computers on 24th May, 2020, the trojan named AnarchyGraber can steal user’s passwords, disable 2FA and further spread itself to the victim’s friends.
The good news is that you can check if your Discord has been hacked by visiting %AppData%\Discord\[version]\modules\discord_desktop_core\index.js. Open this with your Notepad or TextEdit and look for “module.exports = require (‘./code.asar’)”. If it’s there, you don’t have this particular Discord virus.
NitroHack Discord Malware
If that’s not enough, MalwareHunterTeam discovered another Discord malware not long after AnarchyGraber.
Dubbed NitroHack, this Discord virus was first discovered in June, 2020 and can modify a locally-stored piece of JS code to inject malicious code to the victim’s computer. Once it is installed, the malware will attempt to distribute the user’s login credentials to the hacker every time Discord boots and then spread to the victim’s friend’s through DMs.
Unfortunately, Discord hackers have also found a way to elude the app’s security as it can’t register the changes to the Discord client.
The only sure way to see if your Discord client is compromised by this trojan is to open %AppData%\\Discord\0.0.306\modules\discord_voice\index.js using Notepad, TextEdit, or similar software on your computer.
Now just check if the file ends with “module.exports = VoiceEngine;”. If it does, you’re Discord malware-free.
Hells Gate Group
In 2019, Forbes reported that a Discord group called “Hells Gate” has been selling stolen credentials.
According to one forum post, Hells Gate had access to almost 110,000 accounts.
The group was banned from Discord in the meantime.
Ways Discord Malware Can Spread
With 250 million users and growing, Discord is a big target for hackers, spammers and other threat actors.
Different Discord security breaches have been popping up with more or less regularity since the platform launched.
Discord is continually making efforts to protect its (honest) users from threat actors, like with this message they sent out to a user a couple of months ago (from Reddit):
Or, having a security bug bounty that users would be able to submit any security vulnerability on Discord that they find.
Unfortunately, despite all of these and more efforts, from time to time we see (and will see more in the future) examples of Discord security breaches like the three we mentioned here.
So how are Discord hackers able to spread their malicious software?
There are two main ways they do this:
- Through a corrupted installation file
Discord allows its users to modify JS files. This also means that a hacker can inject the code to the Discord client files if they somehow obtain the user’s login credentials.
The problem with this type of attack is that it’s very difficult to discover and antivirus likely won’t help. The good news is that the user can manually see if their files have been modified (like in the two examples above) and Discord itself will warn you of this if it discovers that the files have been modified while it’s updating.
- Through Discord
Another way for Discord hackers to spread malicious software is through Discord itself. The platform allows its users to upload files and then share it externally via links.
Although “sharing is caring”, Discord users should still be careful not to open links from someone they don’t know or trust.
In addition, Discord provides tips against spam and hacking that you should follow if you are using it:
- Never click on unfamiliar or unexpected links.
- Never download unfamiliar files.
- Be careful about sharing personal information.
- Discord will only make announcements through our official channels.