Can you imagine? An app literally named “Discord” being used for nefarious purposes? Nooo! Next thing you’ll tell me is that something called “ChaosBot” is a friendly productivity tool.
So here’s the deal: I found a YouTube video that walks us through how hackers are turning Discord—your favorite place for anime memes, crypto scams, and kiddy porn servers—into a malware command center. Why? Because if you’re going to commit felonies, you might as well do it somewhere that looks like casual gamer traffic & teen gossip boards.
Enter ChaosBot, a malware strain that treats Discord like Slack for cybercriminals. Each infected machine gets its own dedicated Discord channel, where the attacker can send commands like “send me all your files” or “dance, monkey, dance.” The traffic looks totally normal, so your security tools are like, “oh, just Jimmy playing Minecraft again.”
Delivery options include the usual Windows dark magic—WMI scripting, DLL sideloading, etc.—because Microsoft apparently thinks “security through obscurity” is a lifestyle choice.
And if you’re nostalgic, VenomRAT makes a cameo. It’s your classic “email attachment pretending to be a shipping invoice but actually a remote access trojan” situation. Oh, and it uses MEGA and Discord too, because criminals also enjoy cloud convenience.
The takeaway? Malware authors are done trying to be clever. They’re hiding in plain sight, buried inside traffic from AWS, Google, Microsoft Teams, Outlook, SharePoint, and anything else your company told you was “safe.” If your network monitoring tool says “everything’s fine,” it’s probably lying to protect your feelings.
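Since the destination alone looks like Jimmy's Minecraft chatter, the useful signal is which process is talking to Discord. The sketch below is an added example, not code from the video or this post: it scans constructed endpoint telemetry and flags Discord traffic from anything that is not an expected client. The hostname list, the process allowlist, the CSV layout and every sample row are assumptions made up for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: hostnames used by Discord clients and bots.
DISCORD_HOSTS = ("discord.com", "discordapp.com", "discord.gg")
# Assumption: image names allowed to reach Discord on a managed Windows host.
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample telemetry: host, process image, destination, request path.
SAMPLE_LOG = r"""host,image,dest,path
WS-014,C:\Users\jimmy\AppData\Local\Discord\app-1.0\Discord.exe,gateway.discord.gg,/
WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,discord.com,/channels/@me
WS-022,C:\Users\Public\Libraries\updater.exe,discord.com,/api/v10/channels/000000000000000000/messages
WS-022,C:\Users\Public\Libraries\updater.exe,discord.com,/api/v10/channels/000000000000000000/messages
WS-022,C:\Windows\System32\svchost.exe,login.microsoftonline.com,/common/oauth2
"""


def is_discord(dest):
    """True when dest is a Discord host or a subdomain of one."""
    dest = dest.lower().rstrip(".")
    return any(dest == h or dest.endswith("." + h) for h in DISCORD_HOSTS)


def image_name(image):
    """Lower-cased file name of a Windows image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_unexpected_discord_clients(log_text):
    """Map (host, image) -> stats for Discord traffic from unlisted processes."""
    hits = defaultdict(lambda: {"count": 0, "api": False})
    for row in csv.DictReader(io.StringIO(log_text)):
        if not is_discord(row["dest"]):
            continue
        if image_name(row["image"]) in EXPECTED_PROCESSES:
            continue
        entry = hits[(row["host"], row["image"])]
        entry["count"] += 1
        # Direct REST API use by a non-client binary is the stronger signal.
        entry["api"] = entry["api"] or row["path"].startswith("/api/")
    return dict(hits)


if __name__ == "__main__":
    for (host, image), info in find_unexpected_discord_clients(SAMPLE_LOG).items():
        print(host, image, info)
```

An image-name allowlist is only one signal: a renamed binary or a DLL sideloaded into a legitimate process will pass it, so pair it with image path and signature checks.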
The video also gives a shoutout to ANY.RUN, the sandbox they used to poke the malware like “what does this button do?” Spoiler: it’s never good.
Anyway, moral of the story: your Discord isn’t just for hot takes and “which Hogwarts house are you” quizzes anymore. It might also be running a botnet.
Sleep tight.
