Discord 'Spidey Bot' Malware Is Stealing Usernames, Passwords

(Image credit: Sharaf Maksumov/Shutterstock)

Hey, gamers and alt-right trolls -- a new Discord piece of malware is coming to get ya!

Called "Spidey Bot" by its discoverers, the Windows malware injects itself into Discord's code and steals your username, email address, IP address, phone number and Discord user token. 

The malware also copies the first 50 characters of your Windows clipboard, which might contain your password if you've copied and pasted it recently, and creates a "backdoor" so that more malware can be installed. Macs don't seem to be affected.

If you're not familiar with Discord, it's chat software often used by PC gamers that has also been picked up lately by people who've been kicked off Reddit and Twitter for particularly unsavory comments. 

It's not totally clear yet how the Discord malware gets on your machine. Malware researcher Vitali Kremez suspects it's being passed around in Discord chats as cheats for Roblox and other games. Kremez told Bleeping Computer two files names he'd seen were "Blueface Reward Claimer.exe" and "Synapse X.exe". 

Unfortunately, you won't be able to tell if your Discord application is infected. [UPDATE: It turns out you can -- see the end of this story.] Even if you do, you'll have to delete the Discord software and reinstall it to make sure you're clean. All you can do is make sure you're running the best antivirus software, which should block the malware.

Discord itself doesn't seem to be too helpful in responding to user concerns.

But sadly, Discord is right. There's not that much the software maker can do from its end at the moment, except maybe to tell people to access Discord on their phone or gaming console instead of on a PC or Mac. 

Discord's Windows and Mac client is built on Electron, a open-source framework that creates applications out of the Chromium web-browser engine and JavaScript. 

Like the desktop clients of other Electron-built apps such as Slack, Signal and Skype, the Discord desktop application is really just a big web browser, and it's going to run whatever JavaScript you feed it.

A couple of the Twitter complainers with whom Discord corresponded pointed out that Discord might want to encrypt certain parts of its JavaScript library. That might be a long-term solution, but it's not going to help anyone right now.

UPDATE: Bleeping Computer updated its own article on Spidey Bot with a method by which Discord users can check to see if their Discord desktop installations have been infected.

Spidey Bot targets only two files in the Discord application folder:

 %AppData%\Discord\[version]\modules\discord_modules\index.js 

and 

%AppData%\Discord\[version]\modules\discord_desktop_core\index.js

Open each of these files in Notepad. Each should have only a single line of code. If either has more than one line, your Discord build is compromised and should be uninstalled.

Bleeping Computer also proposed that Discord perform a file-integrity check every time the application is launched to prevent against further compromise. That feature doesn't seem to exist in the application right now, but it wouldn't be hard to add in a future software update.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Malware & Adware
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
Segway g30lp
Segway recalls 220,000 electric scooters - what to do if yours is on the list
Samsung Galaxy S25 Ultra vs S25 Plus vs S25
Satellite messaging on Google Pixel 9 and Samsung Galaxy S25 just landed on 3 more carriers
L-R: Claude (Marco Calvani), Danny (Colman Domingo), Kate (Tina Fey) and Jack (Will Forte) have their bags packed for Netflix's "The Four Seasons"
Netflix just teased a new comedy series starring Tina Fey, Steve Carrell and Colman Domingo — and we already have a release date
back of Iris Pixel 9a
The Google Pixel 9a is lacking one of the Pixel 9’s best safety features — here’s what we know
Razer Blade
Nvidia's DLSS 4 demo in a Razer Blade 16 with RTX 5090 gives me hope again for next-gen gaming laptops
Striped lawn
Expert reveals the kitchen waste item that can help you create a green and healthy lawn