Security researcher: Criminals use Discord to distribute malware

Published by: MRT

Published on:

Security researcher: Criminals use Discord to distribute malware

According to security researchers, the content delivery network (CDN) of the voice and text chat platform Discord is increasingly being misused by criminals to spread malware. The security company Sophos writes that four percent of their malware downloads examined came from Discord in the second quarter of this year. Users can upload and exchange files via Discord. According to Sophos, this has a number of advantages for cyber criminals.

Overall, Sophos found 14,000 malicious files on the Discord CDN and sees an upward trend. So that criminals can place their malicious software there, all they need is a chat room that anyone can set up free of charge. As soon as a file is uploaded, it lands on In this Google Cloud Storage, Trojans can then be reached all over the world via a fast CDN.

The special thing about it: You do not need to log in to access the file. If you call up the URL of the uploaded file, the browser asks directly whether the file should be downloaded. If this URL is linked in an email, there is no warning or anything else that could distract from the download.

Even if the message with the file attachment is deleted on Discord, the file itself can still be accessed in the CDN, as heise online found out in a short test. And it gets even better: If you delete the so-called “server” (actually a created, administrative room) on Discord with all messages, channels and users, the file was still available to us in the CDN.

The problem is by no means new. According to Sophos, a lot of malicious software landed on Discords CDN last year. Discord has not changed the basic functionality, but relies on reports from users and scans itself for malicious code. However, malware cannot be easily distinguished from non-malicious software without fully analyzing its behavior.

Among the files found by Sophos were some malware families that intercept stored login data or ensure that the attacker can remotely control the affected computer. We therefore recommend that you be particularly careful when downloading files.


Article Source

Disclaimer: This article is generated from the feed and not edited by our team.