While it is not 100% sure how it is being spread, researchers think the attacker is using Discord messaging to spread the malware. If the installer is detected and removed, the modified Discord files will still remain infected and continue to be executed each time you start the client.
How to see if you’re infected
In order to check to see if you are infected, open the following: %AppData%Discord[version]modulesdiscord_modulesindex.js in notepad.exe
Confirm this data only says”module.exports = require(‘./discord_modules.node’);”.
Also check %AppData%Discord[version]modulesdiscord_desktop_coreindex.js to ensure it only includes “module.exports = require(‘./core.asar’);” string.
*you will have to enable “view hidden folders” on Windows in order see the AppData folder.
If either of these files display something else, you should uninstall and reinstall the Discord client.