PySilon RAT

Man

Experts from ASEC have identified a new Trojan that poses a serious threat. We are talking about a remote access program called PySilon, which uses the popular Discord platform to gain a foothold on infected devices.

Originally built for gamers, Discord today reaches a wide range of users and communities with its user-friendly real-time communication features. However, the flexibility of Discord's API also opens up opportunities for the platform to be used for malicious purposes. For example, bots working through this API can automate server tasks - from control to music playback, but in the hands of attackers they become an attack tool.

The PySilon Trojan exploits this potential by injecting itself through a Discord bot. Its source code, which is freely available on GitHub, is alarming because it makes it easier for anyone to distribute and configure malware.

PySilon is equipped with a special malware utility that allows you to configure parameters such as the server ID and the bot token. This data is written into the Python code and compiled into an executable file. When launched on the victim's PC, PySilon creates a new channel on the attacker's server and sends information about the system, including the IP address, there.

To gain a foothold on the system, the Trojan copies itself to the user's folder and makes changes to the Windows registry to run at system startup. In addition, PySilon has protection against running in virtual machines, which allows it to avoid analysis in a test environment.

Among the commands available to the attacker, for example, is "Grab", which is used to extract the victim's personal data: Discord tokens, browser history, cookies, and passwords. The Trojan can also record the screen and audio using popular Python libraries, and log keystrokes.

What's more, PySilon supports file encryption using the Fernet algorithm, creating encrypted copies of documents. However, unlike typical ransomware, the Trojan does not leave a ransom demand.

PySilon's open source code allows attackers to inject it into seemingly harmless bots. As the data is transmitted through Discord's official servers, it becomes more difficult to identify the threat to users.

The growing popularity of such projects available in the public domain indicates an increase in threats in cyberspace, which underscores the need for increased digital vigilance and the development of new methods of protection.
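As an added example, not taken from the ASEC write-up or from the post above, the following Python triage script shows two defender-side checks for the behaviours described: a Run-key review that flags autostart entries whose executable lives under a user profile (the persistence pattern described), and a Fernet artefact check that recognises Fernet-encrypted copies of documents without needing the key, using the token layout documented by the `cryptography` library (version byte 0x80, 8-byte timestamp, 16-byte IV, AES-CBC ciphertext, 32-byte HMAC, base64url-encoded). The registry text, file contents, paths and user name are constructed samples; `make_constructed_token` builds a token with the right layout but no real encryption, purely so the check can be exercised offline.

```python
import base64
import re
import struct
import time

# --- Check 1: autostart entries pointing into a user profile ---------------
# Constructed sample in the shape of `reg query` output for the usual
# HKCU Run key. Paths and the user name "alice" are hypothetical.
SAMPLE_RUN_KEY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\alice\AppData\Roaming\update.exe
    Helper      REG_SZ    "C:\Users\alice\helper.exe" --silent
"""

RUN_ENTRY = re.compile(r"^\s*(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.*?)\s*$")
USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\", re.IGNORECASE)
TRUSTED_DIRS = re.compile(r"^[A-Za-z]:\\(?:Program Files(?: \(x86\))?|Windows)\\", re.IGNORECASE)


def executable_path(command: str) -> str:
    """Return the executable path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def suspicious_run_entries(reg_text: str) -> list:
    """Return (name, path) pairs whose executable lives under a user profile."""
    flagged = []
    for line in reg_text.splitlines():
        m = RUN_ENTRY.match(line)
        if not m:
            continue
        name, path = m.group(1), executable_path(m.group(2))
        if USER_PROFILE.match(path) and not TRUSTED_DIRS.match(path):
            flagged.append((name, path))
    return flagged


# --- Check 2: recognising Fernet-encrypted files without the key ------------
FERNET_VERSION = 0x80
FERNET_OVERHEAD = 1 + 8 + 16 + 32  # version + timestamp + IV + HMAC; ciphertext excluded


def looks_like_fernet(data: bytes, now: float = None) -> bool:
    """Heuristic: does `data` have the rigid Fernet token layout?"""
    try:
        raw = base64.urlsafe_b64decode(data.strip())
    except (ValueError, TypeError):  # binascii.Error is a ValueError subclass
        return False
    if len(raw) < FERNET_OVERHEAD + 16 or raw[0] != FERNET_VERSION:
        return False
    if (len(raw) - FERNET_OVERHEAD) % 16 != 0:  # AES-CBC ciphertext is block-aligned
        return False
    ts = struct.unpack(">Q", raw[1:9])[0]  # encryption time, seconds since epoch
    now = time.time() if now is None else now
    return 1_000_000_000 <= ts <= now + 60  # plausible, not in the future


def make_constructed_token(ts: int, ct_len: int = 16) -> bytes:
    """Constructed token with the Fernet layout and dummy bytes (no real encryption)."""
    raw = bytes([FERNET_VERSION]) + struct.pack(">Q", ts) + b"\x11" * 16 + b"\x22" * ct_len + b"\x33" * 32
    return base64.urlsafe_b64encode(raw)


# Constructed file contents: one document "encrypted", one plain, one random-looking.
SAMPLE_FILES = {
    "report.docx": make_constructed_token(1_700_000_000),
    "notes.txt": b"Quarterly notes, nothing encrypted here.",
    "blob.bin": base64.urlsafe_b64encode(b"\x00" * 80),
}


def fernet_encrypted_files(files: dict) -> list:
    """Return the sorted names of files whose content looks like a Fernet token."""
    return sorted(name for name, content in files.items() if looks_like_fernet(content))


if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE_RUN_KEY):
        print(f"autostart from user profile: {name} -> {path}")
    for name in fernet_encrypted_files(SAMPLE_FILES):
        print(f"possible Fernet-encrypted copy: {name}")
```

Both checks are heuristics for scoping an incident, not signatures: a user-profile autostart entry is common for legitimate per-user software, so flagged entries need review, and the Fernet check only says a file has the token layout, which matters here because the encryption leaves no ransom note to point at affected files.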
