Researchers have discovered a new cyberespionage campaign linked to the Pakistan-based threat actor UTA0137. The campaign uses a new malware called DISGOMOJI that targets Linux operating systems. The malware communicates with infected devices and executes commands through emojis sent over the messaging platform Discord.

Cybercriminals infect devices with DISGOMOJI through Discord, which allows them to execute commands, take screenshots, steal files, deploy additional payloads, and search for files. The malware uses emojis as its control method, bypassing security software that looks for malicious commands in text rather than in emojis.
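The gap described above, shown as an added example that is not code from the researchers or from the malware: a keyword filter sees nothing in an emoji-only message, while a check that resolves each symbol to its Unicode name can flag it for triage. The sample messages, the signature list and the function names are constructed for illustration; the three emojis are the ones this page names, and no command meaning is assigned to them.

```python
import unicodedata

# Constructed sample: (author, text) pairs as they might appear in an
# exported chat-channel log. Not real traffic.
SAMPLE_MESSAGES = [
    ("operator", "\U0001F525"),            # fire
    ("operator", "\U0001F98A"),            # fox
    ("operator", "\U0001F480"),            # skull
    ("user", "please run whoami on the box"),
    ("user", "nice work \U0001F525"),      # ordinary chat that contains an emoji
]

# Hypothetical text signatures of the kind a keyword-based filter might hold.
TEXT_SIGNATURES = ("whoami", "curl ", "wget ", "/bin/sh")

# Zero-width joiner and variation selector-16 appear inside emoji sequences.
IGNORABLE = {"\u200d", "\ufe0f"}


def text_signature_hit(message):
    """Keyword matching only: this is the check emoji-only messages slip past."""
    lowered = message.lower()
    return any(sig in lowered for sig in TEXT_SIGNATURES)


def emoji_names(message):
    """Return Unicode names if the message is nothing but symbols, else []."""
    chars = [c for c in message if not c.isspace() and c not in IGNORABLE]
    if not chars or any(unicodedata.category(c) != "So" for c in chars):
        return []
    return [unicodedata.name(c, "UNKNOWN") for c in chars]


def triage(messages):
    """Label each message a text rule or the emoji-only heuristic would flag."""
    findings = []
    for author, text in messages:
        if text_signature_hit(text):
            findings.append((author, "text-signature", text))
        elif emoji_names(text):
            findings.append((author, "emoji-only", "+".join(emoji_names(text))))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MESSAGES):
        print(finding)
```

An emoji-only message is common in ordinary chat, so this is a triage signal to correlate with other evidence, not a verdict on its own.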

For example, specific emojis trigger commands on the victim’s device, such as taking screenshots, downloading and uploading files, and executing actions. A total of 9 different emojis are used, including fire, fox, skull