A new Python-based Remote Access Trojan (RAT) has raised concerns within the cybersecurity community. It uses Discord’s API as a Command and Control (C2) server to execute malicious commands and steal sensitive data. The RAT exploits Discord’s vast user base to infiltrate systems, manipulate machines, and capture credentials from victims’ systems, especially Google Chrome’s local database. By leveraging message content intents, the malware can read messages, extract stored passwords, and transmit them back to the attacker through Discord.
Once the bot is initialized with elevated permissions, it can execute malicious commands and read all incoming messages.
The hardcoded token in the bot makes it a significant vulnerability, allowing attackers to gain unauthorized access. The RAT doesn’t only steal login credentials but also provides attackers with a backdoor shell. This allows attackers to issue commands on the compromised system, with results sent back through Discord. The ability to take screenshots using the mss library increases the malware’s surveillance capabilities.
The RAT also includes persistence mechanisms to maintain access even after system reboots.
The bot automatically reconnects, ensuring the attacker’s control is retained unless manually terminated. Additionally, the RAT can manipulate Discord servers by deleting and recreating channels to preserve its access. It also modifies startup registry settings to continue running after system reboots, which ensures the malware’s longevity. This constant presence in the system poses a significant risk to users and organizations.
To mitigate the threat, experts recommend implementing strong endpoint security, including antivirus and detection systems. Monitoring network traffic for unusual Discord-related activity is vital. Users must be educated about the dangers of downloading unverified bots, and organizations should restrict or closely monitor Discord usage to prevent unauthorized access. With cybercriminals increasingly exploiting trusted platforms, proactive defense strategies are essential to minimize damage and prevent such attacks.
