✅ did i install a malware?
hello there, i was trying to find a screen recording app on github, so i found this repo and it had instructions and everything, but the project was only an exe, so i installed it and i thought it was a false positive (i know i'm dumb)
anyway, after that, when i tried to open the exe file nothing appeared at all, so i figured it was malware or something. then i tried to unpack the exe, so i searched for methods to decompile and eventually happened to find an app called dotPeek. i managed to decompile the app and eventually found the source code, which is shown in the picture below. i don't know what information of mine was stolen, but i am here to ask: what is a discord rat, what does this even mean, and what's the purpose of this project, if anyone knows?
also the app included the token of the discord bot and a guild id, what can i do with these?
55 Replies
report it to discord and stop clicking sketchy links or running sketchy programs
without seeing the rest of the code i would guess it tries to either steal your discord token and/or send messages from your account
or it's the other way and they're using a discord server as a way to run commands on your PC
what do i do with the bot token and the guild id that i retrieved? i am a complete beginner, is it legal to log into it and find what information is there, or do i just report it to discord?
you're better off just reporting it
give them that information so they can shut down the server and whoever made the malware
RAT is an abbreviation for Remote Administration Tool; yes, it's been a cover name for a certain type of trojan since the late 90s
and here's a legitimate screen recorder https://obsproject.com/
Open Broadcaster Software | OBS
OBS (Open Broadcaster Software) is free and open source software for video recording and live streaming. Stream to Twitch, YouTube and many other providers or record your own videos with high quality H264 / AAC encoding.
RATs are the worst kind of malware, after ransomware of course.
As your PC turns into a Zombie basically. The attacker gains full control of your machine. If it's truly a "RAT" and not some person unaware of its meaning and just heard about it.
It's basically if you had TeamViewer on 24/7 and they can access everything
i'd rather be ransomwared than have someone have access to my machine
RATs can be recovered from, you're toast with ransomware
if you keep backups then the recovery from a ransomware attack is just wiping your machine and restoring from a backup
Just check autostart, temp directories, etc.
Sysinternals Autoruns is a great tool for that
just out of interest, how do you get from screen recorder to something discord-related?
i mean even the assembly is called discordrat
what do you mean
ah
probably pasted in multiple applications
when you want to download a screen recorder, and you download something expecting a screen recorder, all alarms should go off if what you download is called discord***
Autoruns for Windows - Sysinternals
See what programs are configured to startup automatically when your system boots and you login.
Install this
Delete everything that does not belong
malwarebytes wouldn't hurt as well
well i'm no expert in computer science, but the exe and the repo instructions have nothing to do with discord except for the code itself
i also found something interesting
" + input + "
and
this string
yes, it probably hijacks your discord account to spam messages to spread the malware
and 100% allows the attacker to control your PC
so you should get rid of this software asap using the tools the others mentioned
if you're lucky it's not particularly embedded in your system and you can just delete it
which, if they're using a discord server as a C&C server they're probably not smart enough to make it very persistent
Buddy
As your PC turns into a Zombie basically. The attacker gains full control of your machine. If it's truly a "RAT" and not some person unaware of its meaning and just heard about it.
hmm, why did nobody recommend removing the internet connection yet?
so it can't potentially infect other devices + no remote access
Good question
at the beginning it was almost impossible to simply delete the file, but i managed with norton antivirus
Boot up in safe mode, no internet. Run malwarebytes; after that, run autostart and start deleting suspicious entries
and then delete Norton because it's overflow and windows defender today is enough, it's actually good, not like 10 years ago
and run malwarebytes for spot checks every now and then, that's it
and after that never download random exes, that's internet 101
you should also report that repository to github if that's where the executable is hosted
does github even care
very much
yes
yes
using their site to distribute malware counts as abuse
just did a random search on github for discord rat.. well.. MS has to do some cleanup
one extra question, about dotPeek: does it actually decompile, or does it just give a C# representation of the binary?
i am going to reset my pc anyway
I hope you mean clean install
reinstall os
it does decompile as best as it can.. it only has the information stored in the assembly but dotnet apps are pretty easy to decompile
because to me, resetting != clean install
dude i have his bot token lol
i'm not completely sure if it's legal to do anything with it at this point, but the owner has literally done something terrible
report it
already did
im talking about using it to access the info about this malware though
before discord shuts it down
i bet the token doesn't matter too much, it's just to get pings if a victim falls for the scam.
as you showed in another screenshot, it wreaks more havoc besides sending a couple of messages via discord
probably has a server channel that contains a text list of victims
why are you still here?
go fix your pc to not be a potential hazard
that's exactly what decompiling is
it translates the IL into equivalent C#
im on a diff pc
which is why you should report it to discord so they can handle it
not to be rude but you ignored your AV and installed a RAT, you shouldn't be trying to get justice yourself
yeah sent a ticket
That's not possible.
The token gives you access to the bot account... The application on discord. But it doesn't give you access to the code they use the token with.
I personally would spam the author's channel with the bot so the author is forced to regenerate the bot token, and then all their malware stops working
oof