Hackers are now using emoji to speed up their cyberattacks — how to stay safe

Emojis have become quite popular over the last few years as a means to quickly express ideas and emotions. However, hackers have now devised a clever new way to use them in their attacks.

As reported by Cybernews, a group of hackers has figured out how to modify the popular messaging service Discord to use it for command and control (C2). Hackers using Discord in their attacks is nothing new, but a report from the cybersecurity firm Volexity highlights how this group is using the service alongside a number of common emojis.

Earlier this year, the Indian government came under attack from a Linux malware called Disgomoji. Apparently the hackers behind it hail from Pakistan and have used emojis for C2 communication in several successful espionage campaigns.

To gain initial access, the researchers believe the hackers responsible used phishing attacks and malicious documents as a lure. Once installed on a vulnerable system though, the Disgomoji malware creates a dedicated channel in a Discord server, with each victim having their own separate channel.

From here, Disgomoji sends a check-in message back to the hackers with the target machine’s IP, username, hostname, OS and its current working directory. To make matters worse, the malware maintains persistence and remains on an infected system even after a reboot.

While we don’t have to worry about this particular malware strain yet, how the hackers behind this campaign use emojis to speed up their malicious activities is incredibly interesting and it could be a tactic we see other threat actors copy going forward. 

Hacking with emojis

Instead of writing out long strings of commands, hackers that have deployed Disgomoji onto a targeted system can use emoji to communicate with the malware. They send an emoji to the Discord channel for that particular target and the malware does the rest. In turn, Disgomoji uses the Clock emoji to let the hackers know a command has been processed, and a Check Mark Button emoji is displayed when that command has been successfully carried out.

Here’s a table from Volexity with some of the other emoji used to communicate with the malware:

| Emoji | Emoji Name | Purpose |
| --- | --- | --- |
| 🏃‍♂️ | Man Running | Execute a command on the victim’s device |
| 📸 | Camera with Flash | Take a screenshot of a victim’s screen and upload it to the command channel |
| 👇 | Pointing Down | Download files from the victim’s device and upload them to the command channel as attachments |
| ☝️ | Pointing Up | Upload a file to the victim’s device |
| 👉 | Pointing Right | Upload a file from the victim’s device to a remote file-storage service |
| 👈 | Pointing Left | Upload a file from the victim’s device to a different remote file-sharing service |
| 🔥 | Fire | Find and send all files matching a predefined extension list that are present on a victim’s device |
| 🦊 | Fox | Zip all Firefox profiles from the victim’s device |
| 💀 | Skull | Terminate the malware process |
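
For incident responders who recover a transcript of one of these channels, the table above can be turned into a quick triage timeline. The Python below is an added example, not code from Volexity or the original article; the message format (dicts with "ts" and "content"), the sample transcript and the choice to match on the first code point are all assumptions made for illustration.

```python
# Emoji-to-action map from the Volexity table, keyed by the BASE code point so
# that ZWJ, gender, skin-tone and variation-selector variants all match.
# Third field: True when the action moves data off the victim's device.
ACTIONS = {
    "\U0001F3C3": ("Man Running", "command execution", False),
    "\U0001F4F8": ("Camera with Flash", "screenshot upload", True),
    "\U0001F447": ("Pointing Down", "files uploaded to channel", True),
    "\u261D":     ("Pointing Up", "file placed on victim", False),
    "\U0001F449": ("Pointing Right", "upload to remote file storage", True),
    "\U0001F448": ("Pointing Left", "upload to file-sharing service", True),
    "\U0001F525": ("Fire", "bulk collection by extension", True),
    "\U0001F98A": ("Fox", "Firefox profiles zipped", True),
    "\U0001F480": ("Skull", "malware process terminated", False),
}
CHECK_MARK = "\u2705"  # Check Mark Button: command carried out successfully

# Constructed sample transcript (not real data); format is an assumption.
SAMPLE = [
    {"ts": "00:00:01", "content": "\U0001F3C3\u200D\u2642\uFE0F id"},   # ZWJ form
    {"ts": "00:00:03", "content": "\u2705"},
    {"ts": "00:01:10", "content": "\U0001F98A"},
    {"ts": "00:02:45", "content": "\u261D\U0001F3FD notes.txt"},        # skin tone
    {"ts": "00:03:00", "content": "ordinary chat text"},
]

def triage(messages):
    """Return a timeline of operator actions found in channel messages.

    An action is marked confirmed when a Check Mark Button message appears
    before the next command.
    """
    timeline = []
    for msg in messages:
        content = msg["content"].lstrip()
        symbol = content[:1]  # base code point; trailing modifiers are ignored
        if symbol in ACTIONS:
            name, action, theft = ACTIONS[symbol]
            parts = content.split(maxsplit=1)
            timeline.append({
                "ts": msg["ts"], "emoji": name, "action": action,
                "argument": parts[1] if len(parts) > 1 else "",
                "data_theft": theft, "confirmed": False,
            })
        elif symbol == CHECK_MARK and timeline:
            timeline[-1]["confirmed"] = True
    return timeline

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry)
```

Matching on the base code point over-matches slightly, which suits triage: a responder would rather review a false hit than miss a variant an exact string comparison would skip.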

Discord also isn’t able to disrupt Disgomoji’s operations due to the fact that once a malicious server has been banned, the malware is able to restore itself by updating its credentials from a hacker-controlled C2 server.

The malware also has additional features to carry out its operations, which include scanning a victim’s network, network tunneling and accessing a file sharing service for downloading and hosting the data it has stolen. Surprisingly, Disgomoji can also pretend to be a Firefox update and it can even ask victims to manually type in their passwords.

How to stay safe from hackers

Even though this particular malware strain likely won’t be used to target consumers anytime soon, you still need to be on the lookout for hackers if you don’t want to have your bank account drained or your identity stolen.

The easiest and simplest way to protect yourself from hackers is by running up to date software. This is because hackers love to target users running older software which still contains unpatched vulnerabilities. Though it may be annoying, taking the time to install that new OS or Chrome update could save you from falling victim to hackers.

From there, you want to make sure you’re using the best antivirus software on your Windows PC, the best Mac antivirus software on your Apple computer and one of the best Android antivirus apps on your smartphone. 

If you have an iPhone, both Intego Internet Security X9 and Intego Mac Premium Bundle X9 can scan your Apple smartphone for viruses but it needs to be plugged into your Mac via a USB cable. The same goes for your iPad. The reason you need to resort to using Mac antivirus software to scan your mobile devices is due to Apple’s own restrictions when it comes to malware scanning on both iOS and iPadOS.

At the same time, you want to be extra careful when checking your inbox or your messages to avoid phishing attacks. Look out for emails or messages from unknown senders, avoid downloading any attachments or files and don’t click on any links they contain. You also want to avoid letting your emotions get the best of you since hackers often try to instill a sense of urgency to get you to act quickly and not think things through.

Hackers are always coming up with clever new ways to repurpose popular tools, software and services and now it looks like they’ve managed to do the exact same thing with emoji.

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
