Hackers inflicted malware on Top.gg's Discord bots to steal your data

Hackers targeted the Top.gg community and inflicted bots with malware

Reading time icon 2 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Discord bot attacked by malware

Hackers targeted Top.gg, the Discord community with over 170,000 members. If you use the app, you might already know about the group. After all, they share many great bots you can use for various purposes, such as gaming, music, giveaways, management, and more. Thus, wrongdoers considered exploiting Discord bots to spread their malware and gain control over personal information from other groups.

In addition, the community promotes discord servers and acts like a store for the bots. Also, the platform enhances gaming experiences, provides moderation tools, and offers fun features for other gaming communities.

How did threat actors target the Discord Community?

To target Discord communities, threat actors used a supply chain attack. This method allowed them to sneak malware into the platform, affecting developers and other members. The ones responsible used various tactics in the past, such as stealing GitHub accounts, distributing malicious Python packages (PyPI), using a fake Python infrastructure, and social engineering. The main goals of the wrongdoers are to spread Discord bots with malware to steal data and sell it for money.

Unfortunately, according to BleepingComputer, cybercriminals started targeting the Discord community in 2022. At first, they used PyPI to upload malicious packages similar to open-source tools. While seeming legitimate, they contained malware.

As a result, some developers contacted the virus and got their accounts hijacked. Afterward, hackers altered the developer’s project files to spread the virus to other Discord bots. On top of that, they used fake dependencies to redirect the user to the attacker’s fake mirror. The fake mirror is a website or server that looks legitimate to trick you into downloading malware or sharing personal information.

Ultimately, wrongdoers target important Discord communities like Top.gg because other groups use their bots and tools. Thus, threat actors can use this opportunity to spread their malware and steal and sell our data. To defend against attacks, you can review your code, check the updates, scrutinize sources, and use code signing and multi-factor authentications. Furthermore, if you are a Discord server owner, consider verifying the bot’s reviews, ratings, and permissions.

What are your thoughts? How do you defend your community and work against cyber criminals? Let us know your practices in the comments.

More about the topics: Cybersecurity, Discord, Discord issues