Cybercriminals keep coming up with more intricate ideas when developing threats. One method is to abuse legitimate applications for malicious purposes, and this is exactly what the creators of the Spidey Bot have done. The genuine application used in this case is the Discord messaging service. The creators of this threat have made sure that the malicious code of the Spidey Bot is injected into Discord’s files. Once this has been completed, the Spidey Bot restarts the messaging application so that the modified modules are loaded and running.
By Using the Electron Framework, Cybercriminals Can Plant Bad Code
Capable of Collecting Information
The Spidey Bot sets up a persistent backdoor by using the ‘webhook’ feature that is built into Discord. Since the Spidey Bot operates through Discord, it can access information such as:
- The Discord token of the victim, which is used as a means of authorization.
- Any payment information that may be present on their account.
- Screen resolution.
- IP address.
- Time zone.
- Data regarding games and applications that are linked to the victim’s account.
- Phone number.
- Email address.
- Data that may be stored in the Windows Clipboard.
It would appear that the Spidey Bot is being propagated via Discord messages. The attackers may invite their targets to run a file, which they present as a cracked application or a game cheat. If you have become one of the victims of the Spidey Bot, make sure you reinstall Discord. You can also try using an anti-malware application, but since the authors of the Spidey Bot have hidden it within Discord, it is likely that the application will be whitelisted by security tools because it is recognized as a genuine service.
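A defender-side check for the tampering described above, as an added example that is not part of the original article and is not a Discord tool: it hashes the client's JavaScript files so that a snapshot taken right after a clean reinstall can be compared later, and it flags hard-coded webhook URLs. The directory to scan is supplied by the user; the webhook URL pattern and the focus on `.js` files are assumptions of this example.

```python
import hashlib
import re
import sys
from pathlib import Path

# Assumed pattern: https://discord.com/api/webhooks/<id>/<token>
# (discordapp.com is the older host name; an API version segment is optional).
WEBHOOK_RE = re.compile(
    r"https://(?:[\w-]+\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/(\d+)/([\w-]+)")


def _js_files(root):
    return sorted(p for p in Path(root).rglob("*.js") if p.is_file())


def snapshot(root):
    """Map each .js file (path relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in _js_files(root)}


def changed_files(root, baseline):
    """Files added or modified since the baseline snapshot was taken."""
    return sorted(name for name, digest in snapshot(root).items()
                  if baseline.get(name) != digest)


def find_webhooks(root):
    """Return (file, line number, redacted URL) for each hard-coded webhook URL."""
    hits = []
    for path in _js_files(root):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in WEBHOOK_RE.finditer(line):
                # Report the webhook id only; the token is a secret.
                hits.append((path.relative_to(root).as_posix(), lineno,
                             f"webhooks/{m.group(1)}/<redacted>"))
    return hits


if __name__ == "__main__":
    # Usage: python scan.py <client install directory>
    for hit in find_webhooks(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit)
```

A changed hash or a webhook match is a reason to reinstall and investigate rather than proof of infection, since a legitimate client update also changes file hashes.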