It downloads a script that, at least right now, will turn around and grab cookies and passwords from browsers and send the data off to an discord webhook.
Hah. Is this true? I find it funny since IRC has/had this reputation for being a means of communication with malware and it's often blocked on this grounds.
Nice to know that malware is going on with the times and is using Discord for that now.
Discord is great as command and control server because the malware author doesn't need to expose their ip address or implement a complex web of proxy to secure their C&C server.
I suppose you could, but have you seen how popular new opensource projets being run these days? Young devs really loves discord to the point of hosting documentations there. I imagine young malware authors are no different.
If I hosted malware, I would be in jail. It is against the law. I wonder why Github is allowed to host malware, and continues to provide a platform for it?
It's a slew of checks for passwords and other things on the developers machine. The data is extracted and sent to a remote endpoint controlled by the attacker.