Hackers use emoji to dispatch malware — and even governments are being attacked, so be on your guard

Cyberattackers are maximising efficiency using emoji and Discord mods


Potentially dangerous malware that lets threat actors communicate with command and control (C2) servers using emojis sent via Discord has been highlighted as a key element of recent cyberespionage attacks on Indian government entities.

The report from cybersecurity firm Volexity reveals the Disgomoji malware is currently used exclusively by a Pakistan-based threat actor that the firm is tracking as UTA0137.

Though Disgomoji is a modification of ‘discord-c2’, a previously known public project, it seems to be specifically targeting the Indian government, owing to its laser focus on systems running the Linux distribution BOSS.

Emoji and malware

Volexity believes that initial access to Indian government infrastructure was secured via phishing attacks. From there, UTA0137 could communicate with their target servers via emojis posted in dedicated command channels in a Discord server.

More broadly, Disgomoji can survive reboots, and copy files back and forth between connected USB devices and local system folders so that they can be leveraged by an attacker later.

The emojis used to execute commands on a server are straightforward. For instance, the ‘camera with flash’ emoji takes a screenshot, ‘backhand index pointing down’ downloads a file, ‘fox’ zips all Firefox profiles on a target device, and so on.
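As an added example, not code from the article or from Volexity's report, the following Python triage routine scans an exported set of Discord messages for the three command emojis named above and reports which channels carry repeated command traffic, since the report describes dedicated command channels. The export layout, channel and author names, and the rule that the emoji appears as the first token of a message are assumptions made for the example.

```python
"""Triage a Discord message export for Disgomoji-style emoji commands (defensive use)."""
import json
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Emoji-to-capability mapping as described in Volexity's Disgomoji report.
# Code points are the standard Unicode assignments for those emoji names.
DISGOMOJI_COMMANDS: Dict[str, str] = {
    "\U0001F4F8": "screenshot",            # camera with flash
    "\U0001F447": "download_file",         # backhand index pointing down
    "\U0001F98A": "zip_firefox_profiles",  # fox
}

@dataclass
class Alert:
    channel: str
    author: str
    capability: str

def triage(messages_json: str) -> List[Alert]:
    """Flag messages whose first token is a known command emoji (assumed layout:
    emoji first, optional argument after it; emoji inside normal chatter is ignored)."""
    alerts: List[Alert] = []
    for rec in json.loads(messages_json):
        tokens = rec.get("content", "").split()
        if not tokens:
            continue
        capability = DISGOMOJI_COMMANDS.get(tokens[0])
        if capability:
            alerts.append(Alert(rec["channel"], rec["author"], capability))
    return alerts

def suspect_channels(alerts: List[Alert], min_hits: int = 2) -> List[str]:
    """Channels with repeated command traffic, i.e. candidates for dedicated command channels."""
    counts = Counter(a.channel for a in alerts)
    return sorted(ch for ch, n in counts.items() if n >= min_hits)

# Constructed sample export (not real traffic): three control messages plus ordinary chatter.
SAMPLE_EXPORT = json.dumps([
    {"channel": "cmd-host-7", "author": "op", "content": "\U0001F4F8"},
    {"channel": "general", "author": "alice", "content": "nice one \U0001F98A"},
    {"channel": "cmd-host-7", "author": "op", "content": "\U0001F447 notes.txt"},
    {"channel": "cmd-host-7", "author": "op", "content": "\U0001F98A"},
])
```

Running `triage(SAMPLE_EXPORT)` yields three alerts, all from `cmd-host-7`, and `suspect_channels` returns that channel while the fox emoji in `general` chatter is not flagged.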

UTA0137’s Disgomoji attack campaigns date back as far as mid-2023. Discord’s ability to bring down the offending servers is hampered by the way the malware manages tokens, allowing the attacker to simply update the client configuration to keep the operation going.


Given this, Disgomoji’s open source nature, and its features that seem tailor-made for espionage, it’s possible that further strains could be used in future attack campaigns aimed at governments.

Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.