
Spidey Bot

Posted: October 25, 2019

It is not uncommon for cybercriminals to abuse the files of legitimate software suites to implant malware on the computers of their victims. One recent malware family that uses this strategy is called Spidey Bot, and it aims to make changes to the files used by Discord, a popular messaging and voice application that is usually used by gamers. When the Spidey Bot plants its code in a Discord file, it restarts the application to ensure that the corrupted modules are loaded. One of the easiest ways to ensure that your Discord installation has not been infected is to reinstall it entirely. You could also attempt to resolve the issue by running an anti-virus application, but keep in mind that since the unsafe code is hidden inside a legitimate program, anti-virus engines may opt to whitelist Discord instead of reporting the issue.

A Popular Gaming Application Targeted by Malware

One reason the attackers may have opted to go after Discord in particular is that this program is built on the Electron framework, an application-building toolkit that enables developers to build applications with standard web languages like HTML, CSS and JavaScript. This makes it much easier for the cybercriminals to embed corrupted code in Discord's files and have it run whenever the application starts.

The Spidey Bot uses Discord's built-in 'webhook' features to enable a persistent backdoor on the compromised computer. Thanks to the escalated access to Discord's features, the attackers can extract various information that Discord has access to:

  • Payment data stored in the Discord profile.
  • Username, email address and phone number.
  • Information about connected applications and games.
  • The user's Discord token (used for authorization).
  • IP address, time zone and screen resolution.
  • Up to 50 characters from the Windows Clipboard – a major security risk that may expose sensitive data to the attackers.

Crooks May Use Discord to Spread the Corrupted Files

Cybersecurity researchers warn that the Spidey Bot might be spread via various Discord chats and private messages – the attackers are likely to advertise it as a game cheat or a cracked application. It is recommended to avoid downloading files from unknown sources or senders. Another important note is that 'Spidey Bot' is the default name used by one of Discord's webhooks – seeing this name in your list of Discord webhooks is not a guarantee that you have become a victim of this new malware. As mentioned above, if you want to be sure that your Discord installation has not been backdoored, you should reinstall Discord completely.
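The file tampering described above can also be checked for by comparing the installed application's JavaScript files with a known-good copy, such as one unpacked from a fresh installer. The following Python script is an added example, not code from the original article or from Discord; the directory layout, file names and webhook URL in its demo are constructed, and the pattern assumes Discord's public webhook URL format.

```python
# Added example: compare an installed Electron app's JavaScript files against
# a known-good copy and flag Discord webhook URLs in anything that differs.
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed public Discord webhook URL shape; both hostnames have been used.
WEBHOOK_RE = re.compile(r"https://(?:discord|discordapp)\.com/api/webhooks/\d+/[\w-]+")

def js_hashes(root):
    """Map each .js file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.js"))}

def audit(installed, reference):
    """Return findings for .js files that are modified or absent from the reference."""
    good, findings = js_hashes(reference), []
    for rel, digest in js_hashes(installed).items():
        if good.get(rel) == digest:
            continue  # byte-identical to the known-good copy
        text = (Path(installed) / rel).read_text(errors="replace")
        findings.append({
            "file": rel,
            "status": "modified" if rel in good else "added",
            "webhooks": len(WEBHOOK_RE.findall(text)),
        })
    return findings

def demo():
    """Run the audit on two constructed directory trees (not real Discord files)."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "reference"), Path(tmp, "installed")
        for d in (ref, inst):
            (d / "core").mkdir(parents=True)
            (d / "core" / "index.js").write_text("module.exports = require('./app');\n")
            (d / "core" / "app.js").write_text("exports.start = () => {};\n")
        # Constructed tampering: an appended line holding a placeholder webhook URL.
        with open(inst / "core" / "index.js", "a") as f:
            f.write("post('https://discordapp.com/api/webhooks/123456789/PLACEHOLDER-token');\n")
        (inst / "core" / "extra.js").write_text("// constructed file absent from reference\n")
        return audit(inst, ref)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Any file reported as modified or added deserves manual review even when the webhook count is zero, since the comparison only proves the file differs from the reference copy.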
