MalwareHunterTeam has discovered a remote access trojan (RAT) that uses Discord as its command and control server, Bleeping Computer reports.
The malware, known as Abaddon, begins its work by stealing cookies, credit card details, login details, Discord tokens, and other important information – all of which is used to access the victim’s accounts.
Once it has managed to do this, Abaddon uses Discord as its command and control server and lets the malicious party decide which commands to execute on the victim’s device.
Possible commands the malicious party can execute include getting a list of the user’s drives, stealing files and other data, and opening a reverse shell – which allows the malicious party to execute more commands on the victim’s device.
According to MalwareHunterTeam, Abaddon connects to its command and control Discord server continuously, checking whether the malicious party has queued any new tasks for it to execute.
This means the infected device is continually monitored for new ways the malicious party can execute attacks or steal data.
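Continuous polling of a C2 server produces regular, low-jitter connections that a defender can look for in proxy or DNS logs. The following is an added example, not code from the article or from MalwareHunterTeam: it runs a simple beaconing heuristic over a constructed log sample, and the log format, domain list and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log (timestamp, source host, destination domain); not real Abaddon traffic.
# ws-17 polls discord.com every 5 s; ws-22 is ordinary, irregular browsing.
SAMPLE_LOG = """\
2020-10-20T10:00:00 ws-17 discord.com
2020-10-20T10:00:05 ws-17 discord.com
2020-10-20T10:00:10 ws-17 discord.com
2020-10-20T10:00:15 ws-17 discord.com
2020-10-20T10:00:20 ws-17 discord.com
2020-10-20T10:00:25 ws-17 discord.com
2020-10-20T10:00:03 ws-22 discord.com
2020-10-20T10:07:41 ws-22 cdn.discordapp.com
2020-10-20T10:30:55 ws-22 discord.com
2020-10-20T10:00:01 ws-17 example.org
"""
DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")  # assumed watch list

def parse_log(text):
    """Yield (timestamp, host, domain) tuples from the whitespace-separated log."""
    for line in text.splitlines():
        ts, host, domain = line.split()
        yield datetime.fromisoformat(ts), host, domain

def is_discord(domain):
    """True for a Discord domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in DISCORD_DOMAINS)

def find_beacons(text, min_connections=5, max_jitter=0.2):
    """Return hosts whose Discord connections are regular enough to look like C2 polling.
    Jitter is the coefficient of variation (stdev / mean) of the gaps between connections."""
    by_host = defaultdict(list)
    for ts, host, domain in parse_log(text):
        if is_discord(domain):
            by_host[host].append(ts)
    suspects = {}
    for host, times in by_host.items():
        if len(times) < min_connections:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else float("inf")
        if jitter <= max_jitter:
            suspects[host] = {"count": len(times), "mean_interval_s": mean, "jitter": round(jitter, 3)}
    return suspects
if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Legitimate Discord clients also talk to these domains, so a hit is a lead to correlate with the owning process, not a verdict on its own.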
MalwareHunterTeam also believes that the group which created this malware is developing ransomware functionality that will allow malicious parties to encrypt the target computer.
Code showing that this is being worked on can be found within the wider Abaddon codebase.
The big ransomware problem
The ransomware component of the Abaddon malware is among the most concerning, as ransomware is a destructive and lucrative form of malware that can cost businesses a great deal of money.
Because of this, ransomware has become increasingly prevalent recently, with the Sophos 2020 State of Ransomware Report claiming that over half of all organisations were hit by ransomware attacks in the past year.
The report also explained that 73% of these attacks resulted in the successful encryption of organisational data, while many ransomware attacks are supplementing this encryption with data theft.
“If the victim refuses to pay the ransom for decryption (because, say, the data was recovered from a backup copy), the attackers threaten to put the stolen confidential information in the public domain.”
While many of these threats turn out to be fake, some ransomware programs have actually followed through.