Security News > 2024 > June > New Linux malware is controlled through emojis sent from Discord
A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India.
Its use of Discord and emojis as a command and control platform makes the malware stand out from others and could allow it to bypass security software that looks for text-based commands.
To control the malware, the threat actors utilize the open-source command and control project discord-c2, which uses Discord and emojis to communicate with infected devices and execute commands.
The malware will connect to an attacker-controlled Discord server and wait for the threat actors to type emojis into the channel.
"DISGOMOJI listens for new messages in the command channel on the Discord server. C2 communication takes place using an emoji-based protocol where the attacker sends commands to the malware by sending emojis to the command channel, with additional parameters following the emoji where applicable. While DISGOMOJI is processing a command, it reacts with a"Clock" emoji in the command message to let the attacker know the command is being processed.
While emojis may seem like a "Cute" novelty to the malware, they could allow it to bypass detection by security software that commonly looks for string-based malware commands, making this an interesting approach.
News URL
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)