loader image
Shadowy hacker desk with laptop, binary streams and chat-node web suggesting NodeCordRAT uses Discord as C2, masked figure.
NodeCordRAT Uses Discord to Steal Chrome Data

A malicious tool dubbed NodeCordRAT uses Discord as a command-and-control platform to exfiltrate sensitive browser data. According to cybersecurity researchers, the remote access trojan targets victims through compromised NPM packages, primarily aiming to extract information from Google Chrome, such as login credentials, browsing activity and authentication tokens.

Distributed through seemingly legitimate JavaScript libraries, the malware executes post-installation scripts to grant system access. Once deployed, NodeCordRAT allows attackers to issue commands and monitor activities by leveraging Discord’s real-time messaging infrastructure. This makes detection and response more difficult compared to conventional command servers.

The campaign illustrates increasing abuse of collaborative developer platforms for spreading malware. Developers and users should remain cautious when downloading third-party libraries, particularly from unverified sources. NodeCordRAT uses Discord not just to control infected devices but also to automate the theft of private browser data, raising broader security concerns within software supply chains.

For the full report, visit:

Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages

Write a Reply or Comment

Your email address will not be published. Required fields are marked *