Security News > 2020 > October > New RAT malware gets commands via Discord, has ransomware feature
The new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware.
In the past, we have reported on how threat actors use Discord as a stolen data drop or have created malware that modifies the Discord client to have it steal credentials and other information.
A new 'Abaddon' remote access trojan discovered by MalwareHunterTeam could be the first malware that uses Discord as a full-fledge command and control server.
When started, Abaddon will automatically steal the following data from an infected PC:. Abaddon will then connect to the Discord command and control server to check for new commands to execute, as shown by the image below.
Using a Discord C2 server, the threat actor can continually monitor their collection of infected PCs for new data and execute further commands or malware on the computer.
News URL
Related news
- Andariel Hackers Target South Korean Institutes with New Dora RAT Malware (source)
- New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems (source)
- Ratel RAT targets outdated Android phones in ransomware attacks (source)
- Rafel RAT targets outdated Android phones in ransomware attacks (source)
- Ransomware crews investing in custom data stealing malware (source)
- Malware that is 'not ransomware' wormed its way through Fujitsu Japan's systems (source)
- China-linked APT17 Targets Italian Companies with 9002 RAT Malware (source)
- Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs (source)
- Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware (source)