Researchers from MalwareHunterTeam have discovered a new remote access trojan (RAT) called ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute.
Abaddon will attempt to collect the following data:
- file directory lists
- system information
- saved payment credentials
- multi-factor authentication information
It will then connect to hard-coded URL corresponding to a Discord chat server, which is used to pass commands from it’s operators. By default, Abaddon is able to:
- download and upload files or directories
- enumerate connected drives
- open a reverse web-shell
- send collected information.