This is why I run educational software (and VMware’s edusoft remote VM client) in native Mac VMs. Not surprised to see someone trying to abuse data harvesting from another country, too. Perhaps a report to Apple Security might be in order, to let them evaluate whether it’s an RCE/CNC scenario (we only have the telemetry detected so far!) and whether it deserves a malware kill worldwide. Though I’m surprised it’s allowed to access all those properties without a Permissions dialog. Maybe this will inspire Apple to finally let us deny Discord its system-wide data collection activity!

ps. UTM.app is a nice way to sandbox Discord, since it’s using the OS-level sandbox already in a way that prevents us from limiting it further with a .sb file. Takes some extra space, I suppose.