We have seen many strategies that cybercriminals can use to steal data and today we show you one more. It involves using emojis. Specifically, it is a malware called DISCOMOJI. It is capable of executing commands on infected devices and seriously compromising security and privacy. We are going to tell you how it works and what you should do to protect yourself and avoid problems.
These emojis are from Discord. They were discovered by a group of security researchers from Volexity. They currently affect Linux users. However, we could encounter similar threats that may also be present on other operating systems, such as Windows.
Malware via emojis
This threat targets Linux systems using the BOSS distribution. However, it could affect other distributions as well. It is written in the adaptable Golang programming language. What they do is use Discord emojis to control infected devices. This gives this malware a peculiarity.
Unlike most malicious apps, which send commands via words, this time they can send Discord-specific emojis and carry out different actions. There are many, as we will explain below. The clear objective is to take control of that device.
The way they infect the computer is through the installation of malicious software. The victim receives a fake document that will contain this modified file, which is actually the DISCOMOJI malware. When executed, it begins to steal data from that computer, as well as from any USB device that may have been connected. In addition, the malware will connect to a server controlled by the attackers. This is when they can start using emojis.
These emojis are very varied. They can be a person running, a camera, hand gestures, fire, etc. Each of them will perform an action. It can be taking a screenshot and uploading it to the server, downloading files from the victim’s computer, searching for files with a certain extension, etc.
But why do they use these emojis? One of the reasons is that they can go unnoticed for longer, so security measures could take longer to detect them. In addition, it can make it easier for cybercriminals to carry out different actions.
How to protect yourself
So what can we, as home users, do to avoid these types of attacks? Without a doubt, the best protection is to avoid making mistakes. Usually, these types of threats arrive through a malicious file that you can receive via email or when browsing websites. Never download files that may be suspicious.
It is also important to always have an antivirus installed. There are many options, so we recommend that you choose a reliable one that really helps detect malware and does not become a burden. You can read comments and ratings from third parties to avoid problems. You can scan documents with VirusTotal.
On the other hand, keeping your equipment up to date is going to be key. In many cases, they could take advantage of vulnerabilities and carry out attacks. Avoid having equipment with security flaws, regardless of whether we are talking about a computer or a mobile phone.
In short, a new malware can compromise security. In this case, it is malicious software that has the peculiarity of using Discord emojis to carry out multiple actions. Being protected is essential to avoid problems with threats of this type.
