Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits the popular social platform Discord to maintain persistence on infected systems.
Discord, known for its real-time communication features, has become a hub for various communities beyond its gaming origins. However, its API capabilities have also made it a target for malicious activities.
Discord bots are automated programs that perform specific server tasks, ranging from server management to music playback.
As per reports by ASEC Lab, these bots are typically developed using programming languages like Python and JavaScript and interact with servers through the Discord API.
While they enhance user experience, they can also be manipulated for nefarious purposes.
Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo
PySilon represents a concerning case where RAT malware is implemented using a Discord bot.
The full source code of this malware is available on GitHub, raising alarms about its potential spread. Communities on platforms like Telegram further facilitate its distribution and customization.
The PySilon builder allows users to customize the malware by specifying details such as the Server ID and bot token required for creating a Discord bot. This information is embedded into pre-written Python code and converted into an executable file using PyInstaller.
When executed on a victim’s PC, the malware creates a new channel on the attacker’s server. It sends initial system information, including IP address details, via chat. Each infected PC gets a dedicated channel, enabling the attacker to control it individually.
Upon execution, PySilon self-replicates in the user folder to ensure persistence. It adds to the system’s RUN registry key, guaranteeing execution at startup. The malware can also customize the folder name used for replication.
PySilon contains anti-virtual machine (VM) logic, which allows it to detect virtual environments and avoid execution within them.
Attackers can execute various commands through the created channels, enabling them to perform malicious activities such as:
PySilon’s open-source nature makes it easy for threat actors to integrate its code into seemingly benign bots. Since data transmission occurs via official Discord servers used for legitimate bot functions, detecting such malware becomes challenging for users.
The rise of open-source projects like PySilon highlights a growing trend of exploiting popular cybercrime platforms.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
Best DNS Management Tools play a crucial role in efficiently managing domain names and their…
Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…
Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…
SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…
In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…
The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…