Security News > 2020 > October > New RAT malware gets commands via Discord, has ransomware feature

The new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware.
In the past, we have reported on how threat actors use Discord as a stolen data drop or have created malware that modifies the Discord client to have it steal credentials and other information.
A new 'Abaddon' remote access trojan discovered by MalwareHunterTeam could be the first malware that uses Discord as a full-fledged command and control server.
When started, Abaddon will automatically steal data from an infected PC. Abaddon will then connect to the Discord command and control server to check for new commands to execute.
Using a Discord C2 server, the threat actor can continually monitor their collection of infected PCs for new data and execute further commands or malware on the computer.
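One way to hunt for the behaviour described above, as an added example that is not from the original article: it flags processes outside an allowlist that contact Discord's domains and marks those that do so at regular intervals, which is how polling a channel for commands shows up in connection logs. The log format, host names, process names, allowlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")
# Assumption: the only programs expected to reach Discord in this environment.
EXPECTED = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample records: "ISO-time host process-image destination-host"
SAMPLE_LOG = r"""
2020-10-26T09:00:02 WS-014 C:\Users\amy\AppData\Local\Discord\Discord.exe gateway.discord.gg
2020-10-26T09:00:10 WS-022 C:\Users\bob\AppData\Roaming\svc\updater.exe discord.com
2020-10-26T09:00:40 WS-022 C:\Users\bob\AppData\Roaming\svc\updater.exe discord.com
2020-10-26T09:00:55 WS-022 C:\Users\bob\AppData\Roaming\svc\updater.exe discord.com.example.net
2020-10-26T09:01:11 WS-022 C:\Users\bob\AppData\Roaming\svc\updater.exe discord.com
2020-10-26T09:01:40 WS-022 C:\Users\bob\AppData\Roaming\svc\updater.exe discord.com
2020-10-26T09:02:10 WS-022 C:\Users\bob\AppData\Roaming\svc\updater.exe discord.com
2020-10-26T09:03:00 WS-031 C:\Tools\notes.exe cdn.discordapp.com
"""

def is_discord(host):
    """True for a Discord domain or any subdomain of one (not look-alike prefixes)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DISCORD_DOMAINS)

def unexpected_discord_clients(log_text, min_hits=4, max_jitter=0.2):
    """Return (host, process, hits, periodic) for non-allowlisted Discord clients."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not is_discord(parts[3]):
            continue  # malformed record or not Discord traffic
        ts, host, image, _ = parts
        proc = image.rsplit("\\", 1)[-1].lower()  # basename of a Windows path
        if proc not in EXPECTED:
            seen[(host, proc)].append(datetime.fromisoformat(ts))
    findings = []
    for (host, proc), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic: enough hits and gap spread small relative to the mean gap.
        periodic = (len(times) >= max(min_hits, 2)
                    and pstdev(gaps) <= max_jitter * mean(gaps))
        findings.append((host, proc, len(times), periodic))
    return findings

if __name__ == "__main__":
    for finding in unexpected_discord_clients(SAMPLE_LOG):
        print(finding)
```

Allowlisting by image name alone is weak, since any program can be named Discord.exe; pair it with install path or code-signer checks where the telemetry has them.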