Good news first: Discord has reached a new high, crossing 150 million active users. According to a report from the Influencer Marketing Hub, in 2021 the platform hosted over 19 million active servers spanning different genres and topics.

Unfortunately, the popularity of the cross-platform application has also made it a significant attack vector, with its file-hosting CDN and API abused in multiple malware campaigns.

Discord CDN found delivering 27 unique malware families

  • A recent investigation by RiskIQ revealed that threat actors abused Discord's content delivery network (CDN) to deliver a total of 27 unique malware families, including backdoors, password stealers, spyware, and trojans.
  • The malware was distributed via Discord CDN URLs pointing to EXE and DLL files as well as compressed archives.
  • Among the backdoor families distributed via the platform were AsyncRAT, Bladabindi, and QuasarRAT.
  • The five password stealers identified were DarkStealer, Dcstl, Mercurial, Mintluks, and RedLine.
  • The most common category, however, was the trojan: over eighty files from seventeen trojan families were observed using the channel to stage their malicious activity.

The bigger picture

  • Beyond hosting malware, threat actors have found ways to misuse Discord's core features for malicious ends.
  • Check Point Research spotted multi-functional malware that used the platform's features to take screenshots, download additional files, and perform keylogging.
  • The researchers also identified the potential for abuse of the Discord Bot API.
  • Threat actors can turn a Discord bot into a simple RAT and gain full access to a user's system.
  • To support their findings, the Check Point researchers pointed to several malicious repositories on GitHub built around abuse of the Discord bot API, each with different functionality.
  • One such malicious toolkit was DiscordRootKit.

Persisting security holes add to the problem

  • One of the main reasons for the rise in malware detections on Discord is the number of security gaps within the platform.
  • Researchers from Sophos stated that Discord's API was leveraged in multiple attacks to exfiltrate data and to carry attackers' C2 traffic.
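The two abuse patterns above (executables and archives fetched from Discord's CDN, and Discord's API used as an exfiltration or C2 channel) both leave a footprint in outbound HTTP proxy logs. The following is an added detection example written for this page; it is not code from the article or from RiskIQ, Check Point or Sophos. The log format, the sample log lines, the hostnames of interest and the extension lists are assumptions chosen for illustration. It flags attachment downloads from Discord's CDN whose final extension is executable or an archive (calling out double extensions such as `report.pdf.exe`), and POSTs to Discord webhook URLs, which are a common low-effort exfiltration channel; the webhook token is deliberately truncated in the finding so the detection pipeline does not itself leak a usable secret.

```python
"""Proxy-log detection for Discord-CDN malware delivery and Discord webhook
beaconing. Added example, not code from the article or the cited vendors.
The log format, hostnames and extension lists are assumptions for illustration."""
import re
from urllib.parse import urlparse

# Assumed proxy log format: "<ISO timestamp> <client IP> <method> <URL> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)

# Hosts that serve user-uploaded attachments, and the API hosts behind webhooks.
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
API_HOSTS = {"discord.com", "discordapp.com"}
# Attachment paths look like /attachments/<channel id>/<attachment id>/<filename>
ATTACHMENT_RE = re.compile(r"^/attachments/\d+/\d+/(?P<name>[^/]+)$")
# Webhook paths look like /api/webhooks/<webhook id>/<token> (optionally versioned)
WEBHOOK_RE = re.compile(r"^/api/(?:v\d+/)?webhooks/(?P<id>\d+)/(?P<token>[^/]+)$")

EXECUTABLE_EXT = {"exe", "dll", "scr", "com", "bat", "cmd", "ps1", "vbs", "js", "jar", "msi", "hta"}
ARCHIVE_EXT = {"zip", "rar", "7z", "iso", "cab", "gz"}

# Constructed sample log lines (not real traffic; IDs and token are made up).
SAMPLE_LOG = """\
2021-10-21T09:12:03Z 10.0.4.17 GET https://cdn.discordapp.com/attachments/123456789012345678/987654321098765432/invoice.exe 200
2021-10-21T09:12:41Z 10.0.4.17 GET https://cdn.discordapp.com/attachments/123456789012345678/987654321098765433/holiday.png 200
2021-10-21T09:13:05Z 10.0.4.22 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/update.zip 200
2021-10-21T09:13:30Z 10.0.4.22 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222223/report.pdf.exe 200
2021-10-21T09:14:02Z 10.0.4.31 POST https://discord.com/api/webhooks/333333333333333333/AbCdEfGhIjKlMnOpQrStUvWxYz 204
2021-10-21T09:14:10Z 10.0.4.31 GET https://discord.com/api/v9/gateway 200
2021-10-21T09:15:00Z 10.0.4.40 GET https://example.com/downloads/tool.dll 200
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Return a finding dict for a parsed entry, or None if nothing Discord-related stands out."""
    u = urlparse(entry["url"])
    host = u.hostname or ""

    if host in CDN_HOSTS:
        m = ATTACHMENT_RE.match(u.path)
        if not m:
            return None
        name = m.group("name")
        parts = name.lower().split(".")
        ext = parts[-1] if len(parts) > 1 else ""
        if ext in EXECUTABLE_EXT:
            kind = "discord-cdn-executable"
        elif ext in ARCHIVE_EXT:
            kind = "discord-cdn-archive"
        else:
            return None  # images, documents etc. are the normal case on the CDN
        return {
            "ts": entry["ts"], "src": entry["src"], "kind": kind, "file": name,
            # A second extension (report.pdf.exe) is a classic disguise worth surfacing.
            "double_extension": len(parts) > 2,
        }

    if host in API_HOSTS and entry["method"] == "POST":
        m = WEBHOOK_RE.match(u.path)
        if m:
            token = m.group("token")
            return {
                "ts": entry["ts"], "src": entry["src"], "kind": "discord-webhook-post",
                "webhook_id": m.group("id"),
                "token_hint": token[:4] + "***",  # never store the full token in findings
            }
    return None


def scan(log_text):
    """Run classify() over every parseable line and collect the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding:
            findings.append(finding)
    return findings


def by_source(findings):
    """Count findings per client IP so the noisiest host is triaged first."""
    counts = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("per source:", by_source(hits))
```

Running it against the constructed sample flags the `invoice.exe` and `report.pdf.exe` downloads, the `update.zip` archive and the webhook POST, while the PNG, the gateway call and the non-Discord DLL pass through; the per-source count points at the host with two hits first. In production the same two rules belong in the proxy or EDR query language rather than in a script, and the archive rule should be tuned per environment, since legitimate users do share zips on Discord.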

Final words

Thanks to its wide range of communication and data-sharing features, Discord has also become popular among cybercriminals. The platform can be used for malware development, botnet setups, C2 communication, and hosting malicious files. With so many options at attackers' disposal, researchers stress that early detection is what keeps users from falling prey to these threats.

Cyware Publisher
