Close this search box.
Close this search box.

Written by: Mike Yang

The developer of the Phonecord bot has disabled it for the time being after security researchers discovered that threat actors were using the bot for harassing calls, including some to federal law enforcement agencies.
Phonecord is a bot designed for use on the Discord communications app, which is used by gamers and others to communicate quickly and cheaply. Researchers at Flashpoint have been following some campaigns by attackers abusing Phonecord to make large numbers of harassing calls to victims.
“Although telephone bots in and of themselves are nothing new, Phonecord is relatively unique because it utilizes the social and communication application Discord, which enables users to make international calls directly and easily from the app’s voice chat functionality. And because those seeking to use the Phonecord bot have the option to pay for the service in Bitcoin, most users remain relatively anonymous,” David Shear of Flashpoint said in a post analyzing the campaigns.
After seeing reports of the abusive calls, the bot’s developers decided to shut it down indefinitely, and also said that he had removed the ability for people to pay for Phonecord anonymously.
“We had no intention for the bot to be used illegally and were actively blocking numbers prone to abuse. In retrospect it was irresponsible of me to allow Bitcoin payments. I apologize to all affected organizations. Many of the abusers made deposits via PayPal. We’re in the process of consolidating incidents of abuse and are more than willing to comply with law enforcement,” Ammar Bandukwala said via email.
In the terms of service on the Phonecord page, it says that calls to law enforcement and other abusive behavior isn’t allowed. Bandukwala said the bot was online for about two weeks and he is in the process of looking at numbers now to check for abuse.
“We are checking phone numbers for misuse in real time and are confident calls to police departments and other government organizations are not possible with PhoneCord,” he said.
Image: Zen Skillicorn, CC by-nd license.