What Is the DISGOMOJI Malware?

Volexity uncovered the DISGOMOJI malware in June 2024, linking it to a Pakistan-based group tracked as UTA0137.

The malware targets Linux devices using the BOSS distribution, mainly used by Indian government agencies.


However, the most interesting part of DISGOMOJI is its use of Discord emojis to control infected devices.

How Does Emoji-Controlled Malware Work?

First, the malware has to be installed for the attacker to gain control of the target device.

This command receives an argument, which is the command to execute.

This command receives one argument, which is the path of the file.

Index Pointing Up

Upload a file to the victim’s device.

The file to upload is attached along with this emoji.

Backhand Index Pointing Right

Upload a file from the victim’s machine to Oshi (oshi[.]at), a remote file-storage service.

This command receives an argument, which is the name of the file to upload.

Backhand Index Pointing Left

Upload a file from the victim’s device to transfer[.]sh, a remote file-sharing service.

This command receives an argument, which is the name of the file to upload.

Fire

Find and send all files matching a pre-defined extension list that are present on the victim’s device.

These files can be retrieved by the attacker at a later time.

Skull

Terminate the malware process using os.Exit().

It’s cute but strange to think the emojis you use every day are being used to control malware.
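For defenders, the command list above suggests a simple network correlation: a Linux host that talks to Discord and then contacts oshi[.]at or transfer[.]sh shortly afterwards deserves a look. The sketch below is an added example, not code from Volexity or from the malware; the log format, host names, Discord hostnames and 30-minute window are assumptions, and the log is assumed to be in time order.

```python
from datetime import datetime, timedelta

# Defanged file-sharing indicators as written in the article.
EXFIL_DEFANGED = ["oshi[.]at", "transfer[.]sh"]
# Discord hostnames (assumption: the article names Discord but lists no domains).
C2_DOMAINS = {"discord.com", "discord.gg", "discordapp.com"}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample DNS log: "<ISO timestamp> <host> <queried name>"
SAMPLE_LOG = """\
2024-06-14T09:00:05 boss-ws-07 gateway.discord.gg
2024-06-14T09:12:40 boss-ws-07 oshi.at
2024-06-14T09:13:02 boss-ws-11 transfer.sh
2024-06-14T10:02:00 boss-ws-19 discord.com
2024-06-14T11:45:00 boss-ws-19 TRANSFER.SH.
2024-06-14T12:00:00 boss-ws-23 nottransfer.sh
"""

def refang(indicator):
    """Turn a defanged indicator such as oshi[.]at back into a matchable name."""
    return indicator.replace("[.]", ".")

def matches(name, domains):
    """True if name equals a listed domain or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def correlate(log_text):
    """Flag file-sharing lookups; 'high' if the host used Discord within WINDOW."""
    exfil = {refang(d) for d in EXFIL_DEFANGED}
    last_c2, findings = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        ts, host, name = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        if matches(name, C2_DOMAINS):
            last_c2[host] = ts
        elif matches(name, exfil):
            prior = last_c2.get(host)
            sev = "high" if prior and ts - prior <= WINDOW else "review"
            findings.append((host, name.lower().rstrip("."), sev))
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

Discord and these file-sharing services also see legitimate use, so a "review" result is a prompt for triage rather than a verdict.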

Is There Any Point to Emoji-Controlled Malware?

So, if persistence is the name of the game, using emojis could be useful.

Still, always keep your devices up to date, as you never know what threat might appear next.