This Novel Malware Uses Discord Emojis to Steal Data (2024)

It often feels like once you've read about one type of malware, you've heard about most. But then a malware operator starts using emojis to communicate with its infected devices, and you have to pay attention.

First discovered by the security research outfit Volexity, the DISGOMOJI malware has a distinctive calling card: it uses Discord emojis to issue commands to infected devices.

What Is the DISGOMOJI Malware?

Volexity reported the DISGOMOJI malware in June 2024, linking it to a suspected Pakistan-based threat actor that it tracks as UTA0137.

The malware targets Linux devices running BOSS, a Debian-based distribution used mainly by Indian government agencies. Nothing ties it to BOSS, though: it is written in Go, so the same binary could run on any Linux distribution.

However, the most interesting part of DISGOMOJI is its use of Discord emojis to control infected devices. Instead of sending commands as plain text, as most malware does, the DISGOMOJI operator posts a specific Discord emoji to trigger an action.

How Does Emoji-Controlled Malware Work?

First, the malware has to be installed for the attacker to gain control of the target device. The target is sent a fake document bundled with a malicious file which, when executed, downloads the DISGOMOJI malware. When launched, DISGOMOJI collects basic details about the target machine, such as the username, hostname, operating system and the directory the malware is running from, and copies data from any USB devices that are connected.

Then, the malware connects to a Discord server controlled by the attacker and phones home to wait for new instructions. The malware is based on discord-c2, an open-source command-and-control project that uses Discord as the control point for infected devices. Once the malware has connected to the Discord server, the attacker issues instructions by posting emojis in the channel, some of which take an argument or an attached file.

The emoji commands the malware understands are summarized below (the emoji, its name, and what the malware does when it sees it):

  • 🏃‍♂️ Man Running: Execute a command on the victim's device. The command to run is passed as an argument.
  • 📸 Camera with Flash: Take a screenshot of the victim's screen and upload it to the command channel as an attachment.
  • 👇 Backhand Index Pointing Down: Download a file from the victim's device and upload it to the command channel as an attachment. Takes one argument, the path of the file.
  • ☝️ Index Pointing Up: Upload a file to the victim's device. The file is attached to the message alongside the emoji.
  • 👉 Backhand Index Pointing Right: Upload a file from the victim's device to Oshi (oshi[.]at), a remote file-storage service. Takes one argument, the name of the file to upload.
  • 👈 Backhand Index Pointing Left: Upload a file from the victim's device to transfer[.]sh, a remote file-sharing service. Takes one argument, the name of the file to upload.
  • 🔥 Fire: Find and send all files on the victim's device whose extension is on a predefined list: CSV, DOC, ISO, JPG, ODP, ODS, ODT, PDF, PPT, RAR, SQL, TAR, XLS, ZIP.
  • 🦊 Fox: Zip all Firefox profiles on the victim's device so the attacker can retrieve them later.
  • 💀 Skull: Terminate the malware process using os.Exit().
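To show how a dispatcher keyed on emojis actually works, here is an added example written for this article; it is not code from DISGOMOJI or from the discord-c2 project. It models the parsing step only: given the text of an operator message, it identifies which command emoji from the table above the message starts with and splits off any argument, and it returns a description rather than running anything. The command labels (exec, screenshot, download and so on) are names chosen here for readability, and the sample messages are constructed. The point worth noticing is that several of these emojis are not single characters: 🏃‍♂️ is three code points joined with a zero width joiner, and some clients omit the U+FE0F presentation selector, so a naive comparison against the first character silently breaks.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Command is the parsed form of one operator message. The real malware
// dispatches each to a handler; this model only classifies the message.
type Command struct {
	Name string // label for the command, chosen here for readability
	Arg  string // text following the emoji, if the command takes one
}

// Keys are the emoji from the table above with U+FE0F (emoji presentation
// selector) removed, because Discord clients do not always send it.
// 🏃‍♂️ is still three code points: RUNNER, ZERO WIDTH JOINER, MALE SIGN.
var emojiCommands = map[string]string{
	"\U0001F3C3\u200D\u2642": "exec",             // 🏃‍♂️ run a command
	"\U0001F4F8":             "screenshot",       // 📸
	"\U0001F447":             "download",         // 👇 file from victim
	"\u261D":                 "upload",           // ☝️ attachment to victim
	"\U0001F449":             "exfil_oshi",       // 👉
	"\U0001F448":             "exfil_transfersh", // 👈
	"\U0001F525":             "find_and_exfil",   // 🔥
	"\U0001F98A":             "zip_firefox",      // 🦊
	"\U0001F480":             "exit",             // 💀
}

// Commands whose argument is text in the message rather than an attachment.
var needsArg = map[string]bool{
	"exec": true, "download": true, "exfil_oshi": true, "exfil_transfersh": true,
}

// Parse identifies the command emoji at the start of msg and splits off its
// argument. It uses longest-prefix matching so that a ZWJ sequence is never
// truncated to its first code point.
func Parse(msg string) (Command, error) {
	msg = strings.ReplaceAll(strings.TrimSpace(msg), "\uFE0F", "")
	best := ""
	for seq := range emojiCommands {
		if strings.HasPrefix(msg, seq) && len(seq) > len(best) {
			best = seq
		}
	}
	if best == "" {
		return Command{}, errors.New("message does not start with a known command emoji")
	}
	name := emojiCommands[best]
	arg := strings.TrimSpace(msg[len(best):])
	if needsArg[name] && arg == "" {
		return Command{}, fmt.Errorf("%s requires an argument", name)
	}
	return Command{Name: name, Arg: arg}, nil
}

func main() {
	// Constructed messages, written with escapes so the code points are explicit.
	samples := []string{
		"\U0001F3C3\u200D\u2642\uFE0F uname -a", // 🏃‍♂️ with an argument
		"\U0001F447 /etc/hosts",                 // 👇 with a path
		"\u261D",                                // ☝ without U+FE0F
		"\U0001F3C3 id",                         // 🏃 alone: not the ZWJ sequence
		"\U0001F480",                            // 💀
		"\U0001F447",                            // 👇 missing its path
	}
	for _, s := range samples {
		if c, err := Parse(s); err != nil {
			fmt.Printf("%-40q rejected: %v\n", s, err)
		} else {
			fmt.Printf("%-40q -> %s %q\n", s, c.Name, c.Arg)
		}
	}
}
```

Running it shows the runner-with-argument message classified as exec, the bare ☝ accepted as upload despite the missing selector, and the lone 🏃 rejected because it is not the man-running sequence. That last case is the practical lesson for anyone writing detection around this: match the full code point sequence, not the first character.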

It's cute but strange to think the emojis you use every day are being used to control malware.

Is There Any Point to Emoji-Controlled Malware?

Beyond being convenient for the operator, using emojis for command and control may help the malware stay unnoticed for longer. A channel in which someone posts a single emoji and a bot replies with an attachment looks far less like a command-and-control channel than one full of shell commands, so Discord's own abuse detection has less to key on. On the victim's network, the traffic is ordinary Discord API traffic over HTTPS, which blends in with legitimate use of the service.

The way the malware handles its Discord credentials also makes it harder for Discord to shut the operation down: rather than hardcoding the bot token and server details, the malware fetches that client configuration from the attacker, so if a token is revoked or a server is deleted, the attacker can simply publish a new configuration and the existing infections will follow it.

So, if the goal is a control channel that survives takedowns and scrutiny, Discord plus emoji commands is a practical choice.

As for staying safe, this malware has so far targeted a specific Linux distribution used by Indian government agencies, which means most people are not in its sights. Still, keep your devices up to date and be wary of unexpected attachments, since the infection described here started with a fake document. For defenders, the useful signal is on the network: Linux servers or workstations that have no business talking to Discord, or uploading files to oshi[.]at or transfer[.]sh, deserve a closer look.
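As an added example of the network-side check described above (written for this article, not taken from Volexity or from any detection product), the Go program below scans proxy-style log lines for the two things this malware needs: a connection to Discord's API or gateway, and uploads to the file-sharing services the 👉 and 👈 commands use. It flags any host contacting those exfiltration services, any Discord connection whose User-Agent follows the "DiscordBot (url, version)" format that Discord's API documentation requires of bots (a browser or the desktop app never sends that), and any Discord connection from a host that is not on an allow list of machines expected to use Discord. The log format, hostnames, timestamps and user-agent strings are all constructed for the example and are not indicators from the report.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Destinations named on this page: the Discord API and gateway that carry the
// emoji commands, and the two file-sharing services the 👉 and 👈 commands
// upload to. cdn.discordapp.com serves message attachments.
var discordHosts = map[string]bool{
	"discord.com":        true,
	"gateway.discord.gg": true,
	"cdn.discordapp.com": true,
}
var exfilHosts = map[string]bool{
	"oshi.at":     true,
	"transfer.sh": true,
}

// Finding is one suspicious (source host, reason) pair.
type Finding struct {
	Src, Reason string
}

// field extracts key=value or key="quoted value" from one constructed log line
// of the form: <timestamp> src=<host> dst=<host> ua="<user agent>".
func field(line, key string) string {
	i := strings.Index(line, " "+key+"=")
	if i < 0 {
		return ""
	}
	rest := line[i+len(key)+2:]
	if strings.HasPrefix(rest, `"`) {
		if end := strings.Index(rest[1:], `"`); end >= 0 {
			return rest[1 : 1+end]
		}
		return ""
	}
	if j := strings.IndexByte(rest, ' '); j >= 0 {
		return rest[:j]
	}
	return rest
}

// Analyze scans log lines and returns deduplicated findings sorted by host.
// allowed lists hosts whose users are expected to reach Discord from a browser.
func Analyze(logs string, allowed map[string]bool) []Finding {
	seen := map[Finding]bool{}
	for _, line := range strings.Split(logs, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		src, dst, ua := field(line, "src"), field(line, "dst"), field(line, "ua")
		switch {
		case exfilHosts[dst]:
			seen[Finding{src, "upload to file-sharing service " + dst}] = true
		case discordHosts[dst] && strings.HasPrefix(ua, "DiscordBot ("):
			// Discord's API docs require bots to identify themselves as
			// "DiscordBot ($url, $versionNumber)"; browsers never do.
			seen[Finding{src, "bot-style Discord client: " + ua}] = true
		case discordHosts[dst] && !allowed[src]:
			seen[Finding{src, "Discord traffic from host not on the allow list"}] = true
		}
	}
	out := make([]Finding, 0, len(seen))
	for f := range seen {
		out = append(out, f)
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Src != out[j].Src {
			return out[i].Src < out[j].Src
		}
		return out[i].Reason < out[j].Reason
	})
	return out
}

// SampleLogs is constructed for this example; the hostnames, times and
// user-agent strings are invented and are not indicators from the report.
const SampleLogs = `
2024-06-12T09:00:01Z src=boss-ws-17 dst=discord.com ua="DiscordBot (https://example.invalid/c2, v1.0)"
2024-06-12T09:00:03Z src=boss-ws-17 dst=gateway.discord.gg ua="DiscordBot (https://example.invalid/c2, v1.0)"
2024-06-12T09:05:40Z src=boss-ws-17 dst=transfer.sh ua="Go-http-client/1.1"
2024-06-12T09:06:12Z src=comms-laptop-02 dst=discord.com ua="Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"
2024-06-12T09:07:00Z src=build-01 dst=discord.com ua="Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"
2024-06-12T09:08:00Z src=build-01 dst=example.org ua="curl/8.5.0"
`

func main() {
	for _, f := range Analyze(SampleLogs, map[string]bool{"comms-laptop-02": true}) {
		fmt.Printf("%-16s %s\n", f.Src, f.Reason)
	}
}
```

On the constructed sample this yields three findings: boss-ws-17 for the bot-style client and again for the transfer.sh upload, and build-01 for reaching Discord without being on the allow list, while comms-laptop-02's browser traffic is ignored. The allow list is the part that needs local judgement; on a fleet of government workstations where Discord is not sanctioned at all it can simply be empty.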

Article information

Author: Chrissy Homenick

Last Updated:

Views: 6458

Rating: 4.3 / 5 (54 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Chrissy Homenick

Birthday: 2001-10-22

Address: 611 Kuhn Oval, Feltonbury, NY 02783-3818

Phone: +96619177651654

Job: Mining Representative

Hobby: amateur radio, Sculling, Knife making, Gardening, Watching movies, Gunsmithing, Video gaming

Introduction: My name is Chrissy Homenick, I am a tender, funny, determined, tender, glorious, fancy, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.