undefined | Better HN

0 pointsAurornis1y ago0 comments

Did you read the linked article? The template they’re duplicating phones home via Discord.

I’m not saying every malware uses Discord. I’m talking about the article.

0 comments

i did, in fact, read the article. you said "a simple script to download these repos". the variety of malware would make the script not so simple, and not so effective.

AurornisOP1y ago

> the variety of malware would make the script not so simple, and not so effective.

The article is about using scripts to identify and download the malware. They identified over 1000 matching repos, which would contain Discord webhooks in the script.

Scanning and identifying has already been done. That’s literally what the article is about.

It’s right in the second paragraph:

> As soon as you download and launch any of these, all the data from your computer is collected and sent to some discord server

catsma211y ago

yes, they identified spammy repos. you'd also need to identify which repos belong to which spammer groups, it's not just one person doing this (as mentioned in the article) -> they don't use the same malware. saying "sent to some discord server" is like saying "playing games on my nintendo". the malware is also obfuscated (as mentioned in the article) which makes identifying the home server harder with static analysis.

why don't we just send bad people to jail?

1 more reply

j / k navigate · click thread line to collapse

0 comments

catsma211y ago

i did, in fact, read the article. you said "a simple script to download these repos". the variety of malware would make the script not so simple, and not so effective.

AurornisOP1y ago

> the variety of malware would make the script not so simple, and not so effective.

The article is about using scripts to identify and download the malware. They identified over 1000 matching repos, which would contain Discord webhooks in the script.

Scanning and identifying has already been done. That’s literally what the article is about.

It’s right in the second paragraph:

> As soon as you download and launch any of these, all the data from your computer is collected and sent to some discord server

catsma211y ago

why don't we just send bad people to jail?

1 more reply

j / k navigate · click thread line to collapse