Proof of concept for executing code that is hidden within images which someone could send you on Discord.
This project is a proof of concept and only provided for academic research.
Do not use it for any other means.
Discord's desktop client is built on Electron,
which in turn relies on the Chromium Embedded Framework for caching.
Images under a certain size that are sent to you, directly or in any server, are saved unchanged and uncompressed in a cache folder on your computer.
This allows other "legitimate" tools you might be running to scan that cache folder for images containing a payload.
In this proof of concept I'm using my other basic steganography tool, Nyx, to inject a DLL into a PNG.
This PNG is sent to the victim, and the payload is extracted and executed by the loader in this project.
For an example see this video (if you don't care about the how or why, skip to 4:07).
The issue with this caching behaviour is that sites like VirusTotal see no problem with an executable
that keeps scanning Discord's cache folder (or that of any other Electron-based app) for changes and pulling out the data.
Any legitimate-looking, community-made app could do this and get almost zero positive results on VirusTotal.
If you use Discord and also use unofficial tools from private individuals,
they could send you an image and execute arbitrary code hidden inside it on your machine.
This works for any Electron-based app, so something like Microsoft Teams is also affected.
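As an added defensive example (not code from this project or from Nyx), the following Python triages cached PNG files for structural signs that something was smuggled inside them: bytes appended after the IEND chunk, chunk CRC mismatches, chunk types that are not in the PNG specification, and oversized ancillary chunks. The cache directory path, the 64 KiB ancillary-chunk threshold and the idea that a cache entry may carry a cache-format header in front of the image body are all assumptions; the sample PNGs are constructed inline. Note the limit of this kind of check: pixel-level hiding (for example in the low bits of image data) leaves the chunk structure intact and is not caught here, so this is a first-pass filter, not a complete detector.

```python
from __future__ import annotations

import os
import struct
import tempfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification and common extensions.
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME", b"eXIf",
}
CRITICAL_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}
MAX_ANCILLARY = 64 * 1024  # assumption: larger metadata chunks deserve a look


def check_png(data: bytes) -> list[str]:
    """Walk the chunk structure and return findings; an empty list is clean."""
    findings: list[str] = []
    if not data.startswith(PNG_SIGNATURE):
        return ["missing PNG signature"]
    pos = len(PNG_SIGNATURE)
    while True:
        header = data[pos:pos + 8]
        if len(header) < 8:
            findings.append(f"file ends without IEND (offset {pos})")
            return findings
        length, ctype = struct.unpack(">I4s", header)
        name = ctype.decode("latin-1")
        body = data[pos + 8:pos + 8 + length]
        crc_raw = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_raw) != 4:
            findings.append(f"truncated chunk {name} at offset {pos}")
            return findings
        # Every chunk carries a CRC over type + body; a mismatch means the
        # bytes were edited after the encoder wrote them.
        if struct.unpack(">I", crc_raw)[0] != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            findings.append(f"CRC mismatch in chunk {name} at offset {pos}")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"unknown chunk type {name} ({length} bytes) at offset {pos}")
        elif ctype not in CRITICAL_CHUNKS and length > MAX_ANCILLARY:
            findings.append(f"oversized ancillary chunk {name} ({length} bytes) at offset {pos}")
        pos += 12 + length
        if ctype == b"IEND":
            break
    # Decoders stop at IEND, so anything after it is invisible to the viewer
    # but still sits in the file for another program to read.
    trailing = len(data) - pos
    if trailing > 0:
        findings.append(f"{trailing} bytes of trailing data after IEND")
    return findings


def scan_cache_dir(cache_dir: str) -> dict[str, list[str]]:
    """Check every file under cache_dir that contains a PNG image.

    Assumption: a cache entry may have a cache-format header before the image
    body, so the PNG signature is searched for anywhere in the file and the
    structural check starts from there.
    """
    results: dict[str, list[str]] = {}
    for root, _dirs, files in os.walk(cache_dir):
        for fname in files:
            path = os.path.join(root, fname)
            try:
                with open(path, "rb") as fh:
                    blob = fh.read()
            except OSError:
                continue
            start = blob.find(PNG_SIGNATURE)
            if start < 0:
                continue
            findings = check_png(blob[start:])
            if findings:
                results[path] = findings
    return results


def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one correctly-framed PNG chunk (length, type, body, CRC)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png(extra_chunk: bytes = b"") -> bytes:
    """Constructed 1x1 red RGB PNG, optionally with an extra chunk before IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat)
            + extra_chunk + make_chunk(b"IEND", b""))


def demo() -> dict[str, list[str]]:
    """Write a clean and a suspicious sample into a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as cache_dir:
        with open(os.path.join(cache_dir, "clean.png"), "wb") as fh:
            fh.write(build_sample_png())
        with open(os.path.join(cache_dir, "suspicious.bin"), "wb") as fh:
            # Constructed: fake cache header, then a PNG with appended bytes.
            fh.write(b"CACHEHDR" + build_sample_png() + b"\x00" * 100)
        return scan_cache_dir(cache_dir)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, findings)
```

Run on a real cache directory, the scan reports only files with at least one finding; each hit should be reviewed rather than treated as a verdict, since text chunks and appended data also occur in benign files from some editors.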