From Discord Security Advisory
Jump to navigation Jump to search

MachineMania (distributed as MachineMania.exe) is payload that steals cookies and password combinations from the Google Chrome browser. While it has been seen distributed as a standalone executable, it is most often found as a second-stage payload[1] of the Node Bootstrapper malware.

Language Python
Obfuscation PyArmor (Super Mode)
Behvaior Browser secrets
Lasting Effects None observed
Send Method Discord Webhook (through run argument)



MachineMania.exe has been distributed as a standalone executable, but has also been called as an additional payload in distributions of the Node Bootstrapper executable.



The executable is made with PyInstaller and obfuscated with PyArmor in Super Mode.


MachineMania.exe will silently run in the background and collect password and cookies from the Google Chrome browser only, although other Chromium browsers do not seem to be affected as its scope is deliberately cut by what appears to be a paywall.

MachineMania.exe webhook message
The message sent to the malware operator via a Discord webhook

Lasting Effects

MachineMania has not been observed to leave any lasting effects such as keyloggers or embedded JavaScript. After it has sent its stolen data, it will simply close itself. If it cannot find Chrome, it will crash.