The content delivery network (CDN) of voice and text chat platform Discord is increasingly being abused by criminals to spread malware, according to security researchers. Security firm Sophos writes that four percent of its malware downloads studied came from Discord in the second quarter of this year. Discord allows users to upload and exchange files. This has some advantages for cybercriminals, according to Sophos.
In total, Sophos found 14.000 malicious files on the Discord CDN and sees an upward trend. For criminals to place their malware there, all they need is a chat room that anyone can create for free. As soon as a file is uploaded, it ends up on cdn.discordapp.com. In this Google Cloud Storage, Trojans are then accessible from all over the world via a fast CDN.
Files can be accessed directly
Discord uploads files to its CDN, but no longer looses them.
The special feature: No login is required to retrieve the file. If the URL of the uploaded file is retrieved, the browser will directly ask if the file should be downloaded. If this URL is linked in an email, there is no warning message or anything else that could distract from the download.