Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.
ChaosBot exploits Discord and phishing to infiltrate networks, while Chaos-C++ adds data destruction. According to eSentire, a Canadian cybersecurity company, the malware was first detected in late September 2025 within a financial services customer's environment.
"Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, 'serviceaccount,'" eSentire said in a technical report. The company noted that the attackers used the compromised account to execute remote commands across systems in the network, facilitating the deployment and execution of ChaosBot.
Author's summary: New malware ChaosBot uses Discord for control.