Security researchers: criminals use Discord to spread malware

The content delivery network (CDN) of voice and text chat platform Discord is increasingly being abused by criminals to spread malware, according to security researchers. Security firm Sophos writes that four percent of the malware downloads it studied in the second quarter of this year came from Discord. Discord allows users to upload and exchange files. This has some advantages for cybercriminals, according to Sophos.

In total, Sophos found 14,000 malicious files on the Discord CDN and sees an upward trend. To place malware there, criminals need nothing more than a chat room, which anyone can create for free. As soon as a file is uploaded, it ends up on cdn.discordapp.com. From this Google Cloud Storage, Trojans are then accessible from all over the world via a fast CDN.

Files can be accessed directly

Discord uploads files to its CDN, but no longer gets rid of them.

The special feature: No login is required to retrieve the file. If the URL of the uploaded file is retrieved, the browser will directly ask if the file should be downloaded. If this URL is linked in an email, there is no warning message or anything else that could distract from the download.

Even if the message on Discord with the file attachment is deleted, the file itself is still accessible in the CDN, as our site found out in a short test. And it gets even better: If you use the so-called "server" (actually a created administrative space) at Discord with all messages, channels and users, the file was still available for us in the CDN.
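A defender can look for such direct-download links in mail bodies or proxy logs. The following is an added example, not code from the article or from Sophos; the function name, the extension list and the `/attachments/<channel id>/<attachment id>/<filename>` path layout are assumptions, and the sample message is constructed.

```python
import os
import re
from urllib.parse import urlsplit, unquote

# Host named in the article; matched exactly so lookalike domains are ignored.
CDN_HOSTS = {"cdn.discordapp.com"}
# Assumption: file types treated as risky for a direct download; tune to policy.
RISKY_EXT = {".exe", ".scr", ".dll", ".msi", ".bat", ".cmd", ".ps1",
             ".vbs", ".js", ".jar", ".lnk", ".iso", ".zip", ".rar", ".7z"}
# Assumption: attachment URLs follow /attachments/<channel id>/<attachment id>/<filename>
ATTACHMENT_PATH = re.compile(r"^/attachments/(\d+)/(\d+)/([^/]+)$")
URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)

def find_cdn_links(text):
    """Return one finding per Discord CDN attachment link found in text."""
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;")  # drop sentence punctuation glued to the link
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower().rstrip(".")
        except ValueError:       # malformed URL, e.g. unbalanced IPv6 bracket
            continue
        if host not in CDN_HOSTS:
            continue
        match = ATTACHMENT_PATH.match(parts.path)
        if not match:
            continue
        filename = unquote(match.group(3))
        # Only the last extension counts, so "invoice.pdf.exe" is an .exe.
        ext = os.path.splitext(filename)[1].lower()
        findings.append({"url": url, "channel_id": match.group(1),
                         "filename": filename, "risky": ext in RISKY_EXT})
    return findings

# Constructed sample message; the IDs and file names are made up.
SAMPLE_EMAIL = """\
Hello, your invoice is attached:
https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/invoice.pdf.exe
Team photo: https://cdn.discordapp.com/attachments/111111111111111111/333333333333333333/team.png.
Unrelated: https://cdn.discordapp.com.example.net/attachments/1/2/setup.exe
"""

if __name__ == "__main__":
    for finding in find_cdn_links(SAMPLE_EMAIL):
        print("RISKY" if finding["risky"] else "info ", finding["url"])
```

Because the article notes that files stay reachable after the message is deleted, a hit remains worth triaging even when the originating chat is gone.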

Free Malware Hosting

The problem is by no means new. Discord’s CDN has seen a lot of malicious software in the past year, according to Sophos. Discord has not changed the basic way it works, but relies on reports from users and also scans for malicious code itself. But malware is not so easy to distinguish from non-malicious software without fully analyzing its behavior.

Among the files found by Sophos, there were several malware families, which can capture stored login data or allow the attacker to remotely control the affected computer. Therefore, we recommend that you pay special attention when downloading files.
