“ChaosBot” malware turns Discord into a hacker command center

New ChaosBot malware is spreading across Discord, with Chaos-C++ targeting large files and clipboard data for quick victim pressure.
When you hear a name like “ChaosBot,” you wake up and take note. But what is it?
ChaosBot is an elaborately named virus that was found in late 2025 in a financial firm's system.
The name comes from the hacker or threat actor behind it, who called themselves chaos_00019. They wrote it in Rust, a relatively new programming language, and often managed to bypass advanced antivirus tools. Hackers control ChaosBot through Discord, a chat app popular with gamers, and use it to send commands directly to infected PCs.
Once a victim opens the phony PDF from the so-called “Bank of Vietnam,” which acts as a distraction, a hidden PowerShell command runs and deploys a malicious DLL (dynamic-link library).
The malware was discovered by cybersecurity experts at eSentire, which explained in its report, “Further analysis of victim demographics suggests that ChaosBot operators mainly target Vietnamese speakers, albeit not exclusively.”
In turn, a private chat named after the infected computer is activated on Discord, and the hacker effectively has a control panel for the victim's operating system.
ChaosBot is able to take screenshots, steal files, and run any type of command. This kind of activity is especially hard to monitor, because it’s designed to look like standard Discord traffic.
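Because the traffic itself looks normal, one way defenders can surface it is to check which program is talking to Discord and where that program runs from. The sketch below is an added example, not code from eSentire or Cybernews; the event fields, the baseline of expected programs and paths, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Domains operated by Discord.
DISCORD_SUFFIXES = ("discord.com", "discord.gg", "discordapp.com", "discordapp.net")

# Assumed baseline: executables expected to contact Discord and the install
# locations they should run from. Tune this per environment.
EXPECTED = {
    "discord.exe": ("\\appdata\\local\\discord\\",),
    "chrome.exe": ("c:\\program files\\google\\chrome\\",),
    "msedge.exe": ("c:\\program files (x86)\\microsoft\\edge\\",),
}

def is_discord_host(name):
    """True for a Discord domain or subdomain, not for look-alike hostnames."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in DISCORD_SUFFIXES)

def is_expected(image):
    """True only if the executable name AND its install path match the baseline."""
    path = image.lower()
    exe = path.rsplit("\\", 1)[-1]
    return any(fragment in path for fragment in EXPECTED.get(exe, ()))

def unexpected_discord_clients(events):
    """Map (computer, image) -> sorted Discord hosts resolved by non-baseline programs."""
    hits = defaultdict(set)
    for ev in events:
        if is_discord_host(ev["query"]) and not is_expected(ev["image"]):
            hits[(ev["computer"], ev["image"])].add(ev["query"].lower())
    return {key: sorted(hosts) for key, hosts in hits.items()}

# Constructed sample DNS-query events (simplified process-level telemetry).
SAMPLE = [
    {"computer": "FIN-WS-07", "query": "gateway.discord.gg",
     "image": r"C:\Users\a.tran\AppData\Local\Discord\app-1.0.0\Discord.exe"},
    {"computer": "FIN-WS-07", "query": "discord.com",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"computer": "FIN-WS-12", "query": "discord.com",
     "image": r"C:\Users\Public\updater\helper.exe"},
    {"computer": "FIN-WS-12", "query": "gateway.discord.gg",
     "image": r"C:\Users\Public\updater\helper.exe"},
    {"computer": "FIN-WS-03", "query": "discord.com",
     "image": r"C:\Users\b.le\Downloads\msedge.exe"},  # trusted name, wrong path
    {"computer": "FIN-WS-03", "query": "discord.com.cdn-example.net",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    for (computer, image), hosts in unexpected_discord_clients(SAMPLE).items():
        print(f"{computer}: {image} -> {', '.join(hosts)}")
```

On machines where nobody is supposed to use Discord at all, the baseline can be emptied so that any Discord lookup is reported.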
There’s also a malware strain labelled Chaos-C++ that runs like ransomware. It encrypts swathes of data and permanently deletes large files, which expedites financial fraud. Think of it as a pressure tactic to get victims to pay a large ransom.
It can also switch Bitcoin wallet addresses and plunder crypto without the victim knowing until it’s too late. The Chaos-C++ element can be hidden within fake programs and “AI tools” such as ChatGPT installers and system optimizers.
Therefore, businesses and even everyday users need to be particularly vigilant about clicking on unfamiliar files and PDFs. Discord may not have originally been built for hacking, but its open terrain makes it easy to abuse, as in the case of ChaosBot.
“Organizations should avoid assigning excessive privileges to remote access accounts, configure mandatory multi-factor authentication, enforce strong password complexity requirements, and partner with a 24/7 multi-signal Managed Detection and Response (MDR) services provider for total attack surface visibility,” advised experts at eSentire.