Severity scale:  

Remove Discord virus (Virus Removal Guide) - updated Nov 2019

removal by Jake Doevan - - | Type: Malware

Discord virus is a type of malware that infiltrates the system via chatting application to steal personal details or passwords 

Discord virus
Discord virus is a combination of malware that is distributed via the VoIP application Discord
Discord virus is a set of malware distributed via the voice over internet protocol (VoIP) application Discord. The application itself is legitimate and often used by users to communicate while playing online video games, and is also popular among the security research community. Unfortunately, bad actors also create chat servers that are hosting malware.[1] Users who get tricked into infecting their machines with Discord virus in the form of trojans or worms are putting their sensitive information at risk, as well as have an increased chance of getting infected with other malware.

Questions about Discord virus

The social media platform name and even functions get misused by cybercriminals because they have modified many features of the application like private groups that function as retail shops or even alter the core files and spreads additional malware that triggers malicious activities once the altered version of Discord gets launched on the system. Spidey Bot malware spreading through this application was the more recent versions of malware targeting all those 250 million users all over the world.

Name Discord virus
Type Malware
Most commonly distributed types RAT (Remote Access Trojan), phishing campaigns, backdoors, info-stealing malware
Malware examples NanoCore, SpyRat, njRAT, OSX.Dummy, virus, Discord gg ga virus, Spidey Bot[2]
Distribution Malicious attachments, drive-by downloads, social engineering, phishing campaigns, direct messages on the application itself
Main dangers Malware that can be distributed via this application can record passwords, credit card details, personal information, and other sensitive data from the program and directly from the machine; such infiltrations also might result in other malware infections
Symptoms Trojans or backdoors rarely emit any symptoms, but users might experience computer crashes or freezes, slow operation, error messages, etc. If phishing links via the DMs are clicked, the access to the account is blocked and used for spreading the fake messages further
Detection and elimination Install professional anti-malware tool to check the system and remove Discord virus completely

When it comes to any social media or applications, malicious actors always target users with scams and phishing attacks. Discord is no exception. For years, since the initial appearance of this social network, it was known that various messages surface the DMs (Direct Messages).

One of the most prominent examples is the so-called virus, otherwise known as Discord gg ga virus, where malicious actors promise users a free Discord Nitro subscription and redirect them to a spoofing site that harvests the login details. These are later used in a further phishing scheme that can lead to serious privacy issues.[3]

Most of the malware that is delivered via Discord is Remote Access Trojans[4] (RATs). These malicious applications are installed with users' permission, although victims are not aware of it (typically phishing techniques are used to make the user click on malicious links or attachments). As soon as Discord malware is settled, it grants itself administrative rights, and the host system is used to distribute the RAT even further – that is how a botnet is established.

RATs that are common in Discord virus attacks include:

  • NanoCore (Trojan.Nancrat)
  • SpyRat (Backdoor.Ratenjay)
  • njRAT (W32.Spyrat)
  • OSX.Dummy

All the viruses mentioned above are capable of various malicious activities on the targeted PC, including monitoring the behavior of the victim, recording keystrokes, taking screenshots, using the webcam to record the video, formatting drives, starting or shutting down various system processes, as well as installing additional malicious files on the system. Before that happens, users are advised to regularly scan their machines using security software and take care of Discord virus removal if it was detected on the device.

Additionally, certain hacking tools are being advertised as legitimate. Malware authors claim that the hacking tool can allegedly steal passwords of other Discord users. However, as soon as victims agree to download the application, they become victims of a phishing attack itself and get scammed. The unfair users are then hit with malware that is capable of stealing personal information and distributing RATs even further. Discord malware
Discord virus is malware that is capable of stealing sensitive information for targeted users

Discord Spidey Bot virus

October of 2019 came out with new reports about malware involving Discord chatting platform. New piece of malware dubbed Spidey Bot was discovered affecting Windows Discord clients with the altered code version of the application. Reports revealed that the fact about functionality derived from HTML, CSS, and JavaScript allows malware creators to modify important core files to execute malicious behavior once the real Discord is closed and the malicious one restarted instead. 

It is suspected that particular malware travels around via chats and posing as cheats for games while initially installing malicious software. It is hard to tell if you have this malware on the system since it has no distinct symptoms and doesn't alter particular features on the machine. 

This Spidey Bot injects itself into Discord's code and targets to steal usernames, email addresses, IP addresses, phone numbers, Discord information, payment details. Also. threat copies the last 50 characters saved in the clipboard. Unfortunately, that is the biggest issue that can pose danger to your identity and privacy because passwords, credit card credentials and similar information that may be copied there can be used in secondary scams and malicious campaigns.

The best method that helps to remove Discord malware is anti-malware tools and full system scans, but you can also check to see if the virus is running on the system. Spidey Bot mainly targets these files in the Discord folders: %AppData%\Discord\[version]\modules\discord_modules\index.js and %AppData%\Discord\[version]\modules\discord_desktop_core\index.js. Open each of those using Notepad: one line of code should be in both of them when there is more than a single code line, you can be sure that Discord build on your PC is compromised.  Discord virus phishing campaign
Discord virus is the term used to describe various malicious campaigns spreading on this network including phishing campaigns and malware dropping.
Targets of Discord virus are usually gamers and video streamers. The latter ones often employ the program to stream gaming sessions for entertainment purposes. The hackers often target personal information that is related to online gaming, such as:

  • Login credentials;
  • In-game currency;
  • Contacts;
  • Items, etc.

This data can be used for monetary benefit in the same way it is used by hackers when they steal private information like name and surname, address, email, social media credentials, etc. (which can also be harvested by cybercriminals in the process).

As evident, these actions pose serious personal safety concerns and can result in identity theft or money loss. To make sure you are not a victim of such a consequence, better remove Discord virus as soon as possible. For that, you should install reputable security software such as Reimage Reimage Cleaner or Malwarebytes and perform a full system scan. Security researchers[5] warn that RATs can disable anti-virus programs in some situations, so starting the computer in Safe Mode with Networking is an option.

Fake DMs prompt users to click on phishing link

The campaign starts with a direct message from somebody in the friend list, which prompts users to open a fake link – it seems to be connected to the Official Discord site. Unfortunately, when looking closely, you can see that this website is discord dd dot ga – a mockup of the official social network page. The phishing message claims that you can get the Discord Nitro for free, which is obviously a scam.

Unfortunately, by falling for the virus, you allow scammers to obtain account information that can be used to spread the campaign further. The embed of the Discord link is forged, and the redirect leads to a site that records information. In other words, if you are receiving a link from your friend that prompts you to click on a link, it means his or her account got hijacked in this exact way.

Here's what the phishing message from discord gg ga virus looks like:

Yo, friend gave me a referral link to get Discrod nitro for free
It worked on my alt, but you can only apply one per IP So try it out 🙂
If you already have nitro it will give you the next month free

Once the malicious link is clicked, it brings you to the spoofing site,[6] which asks you to enter their login information to receive the Discord Nitro for free allegedly. Hackers then lock you out of the profile and can DM other server members, group chats with all the malicious links. You can make a new account and try to inform as many people in your circle to let them know about the phishing campaign.

You can attempt to log out these people from the account by changing the password and enabling the two-way-authentication. Don't fall for the scam when you receive a message from a friend or a person you know and inform that friend has a virus and a compromised account.

Although the domain got banned by the company itself; this campaign might repeat itself via other malicious sites. Keep the machine clean from such threats and eliminate damage by scanning the system with Reimage Reimage Cleaner . You can use other tools, base the selection on the malware detection rate.[7] Discord network virus
Discord virus is the threat that delivers possibly malicious links in DMs and infects the system further if clicked or not terminated in time.

Discord – a chat program that rapidly gained popularity

Many users used chatting programs since mIRC and ICQ times, later turning to Skype and Facebook messenger. Gamers used TeamSpeak, Mumble, and Ventrilo for their communications, but often required players to share various IP addresses and/or were not free to use and were resource-heavy, which is a huge disadvantage when playing games. 

Thus, Discord was created in 2015 as an alternative VoIP application that is lightweight, innovative and user-friendly. Additionally, it was supported on multiple platforms, including Windows, Android, macOS, iOS, Linux and web browsers. The simplicity of Discord is what added to its popularity, as any user can create a server or a group in just a few seconds. Thus, the popularity of the app grew, and by May 2018, it was used by 130 million users worldwide.

Unfortunately, bad actors reacted to the booming fame of the app and were well prepared to use Discord malware for their malicious deeds. While some criminals hosted viruses on the created servers, others use the platform as an alternative to the black marked on Dark Web and sell sensitive information or malware.

Ways Discord virus is distributed

Discord users can upload files like pictures, videos, and other attachments on the application using the chat feature. Since the app allows anybody to upload almost all kinds of data, malware authors can use the feature to their advantage. While the Discord team applied additional security measures over time, Discord malware is still prevalent and should be taken seriously.

Discord phishing

Users are merely baited to open the malicious attachments in sophisticated phishing attacks via the chat function on the created servers. Some attackers don't even have to create their own servers, as they can manually post the virus on the server they have been invited to.

To avoid dangerous consequences of the data-harvesting malware, users should never click on suspicious links in chats, even if they are coming from people on their friend list. Users reported that certain instant invite messages were turned into malicious links without their knowledge.

Remove Discord virus from your computer

To remove Discord virus from your computer, you will have to employ reputable security software. Remote Access Trojans often use obfuscation techniques and show no symptoms of presence whatsoever. Therefore, detecting malware without using professional tools might be impossible. 

Download Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner or Malwarebytes for the effective Discord virus removal. Make sure that the security software is up to date before performing the scan. In case the malicious software prevents you to start anti-virus correctly, enter Safe Mode with Networking as explained below.

do it now!
Reimage Happiness
Reimage Cleaner Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Reimage Cleaner, submit a question to our support team and provide as much details as possible.
Reimage Reimage Cleaner has a free limited scanner. Reimage Reimage Cleaner offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage Cleaner, try running Combo Cleaner.

To remove Discord virus, follow these steps:

Remove Discord using Safe Mode with Networking

In case Discord malware is blocking security software from working properly, enter Safe Mode with Networking the following way:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Discord

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Discord removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Discord using System Restore

To stop the virus from operation, use System Restore function:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Discord. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner and make sure that Discord removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Discord and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner or Malwarebytes

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions


Removal guides in other languages

Your opinion regarding Discord virus