Lately, Discord has witnessed a rise in cyberattacks. The latest malware operating along these lines is TroubleGrabber.

What do you need to know about TroubleGrabber?

  • TroubleGrabber is a credential stealer that spreads through Discord attachments and leverages Discord webhooks to deliver the stolen information to the malware operators. The malware is currently believed to be in use by several threat actors.
  • The malware was discovered when 5,700 public Discord attachment URLs hosting malicious content were identified. The malicious content was found in the form of Windows executable files.

Attack vectors

TroubleGrabber is the latest malware to exploit cloud apps at every stage of its kill chain. It uses:
  • Cloud apps for primary delivery;
  • Cloud apps for next-stage payload delivery;
  • Cloud apps for command and control (C&C); and
  • Cloud app credentials as the target of its theft.
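The kill chain above (payload delivery through Discord attachment URLs, exfiltration and C&C through Discord webhooks) leaves two observable traces in outbound web traffic. The following is an added example, not code from the original article or from the researchers who analysed the malware: it scans constructed proxy log lines for executables fetched from Discord's attachment CDN and for POSTs to Discord webhook URLs. The log format, the sample lines and the file-extension list are assumptions.

```python
import re
from typing import Dict, List

# Constructed proxy log lines (assumed format: timestamp client method url status).
SAMPLE_LOGS = """\
2020-11-10T10:01:02Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/222/readme.pdf 200
2020-11-10T10:02:15Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/333/444/setup.exe 200
2020-11-10T10:02:40Z 10.0.0.7 POST https://discord.com/api/webhooks/555/constructedTOKEN 204
2020-11-10T10:03:01Z 10.0.0.9 GET https://example.com/index.html 200
"""

# Download of an executable or archive from the Discord attachment CDN: candidate delivery.
ATTACHMENT_RE = re.compile(
    r"https://cdn\.discordapp\.com/attachments/\d+/\d+/\S+\.(exe|dll|scr|zip|rar)$",
    re.IGNORECASE,
)
# POST to a Discord webhook (id/token form): candidate exfiltration or C&C channel.
WEBHOOK_RE = re.compile(r"https://discord(?:app)?\.com/api/webhooks/\d+/[^\s/]+$")

def parse_line(line: str) -> Dict[str, str]:
    """Split one assumed-format log line into named fields."""
    ts, client, method, url, status = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}

def detect(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line matching either TroubleGrabber-style pattern."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["method"] == "GET" and ATTACHMENT_RE.search(rec["url"]):
            findings.append({**rec, "rule": "discord_attachment_executable"})
        elif rec["method"] == "POST" and WEBHOOK_RE.search(rec["url"]):
            findings.append({**rec, "rule": "discord_webhook_post"})
    return findings

def clients_with_full_chain(findings: List[Dict[str, str]]) -> List[str]:
    """Clients that both fetched a Discord-hosted executable and posted to a webhook."""
    by_client: Dict[str, set] = {}
    for f in findings:
        by_client.setdefault(f["client"], set()).add(f["rule"])
    wanted = {"discord_attachment_executable", "discord_webhook_post"}
    return sorted(c for c, rules in by_client.items() if wanted <= rules)

if __name__ == "__main__":
    hits = detect(SAMPLE_LOGS)
    for f in hits:
        print(f["rule"], f["client"], f["url"])
    print("full chain:", clients_with_full_chain(hits))
```

A single webhook POST is not proof of compromise, since legitimate integrations use webhooks too; the pairing of both rules on one client is the stronger signal to triage first.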

Noteworthy threats facing Discord

  • Recently, a bug was discovered in Electron, the software framework used by Discord. The vulnerability could be abused to run JavaScript code.
  • An npm package, discovered earlier this month, was found to contain malicious code that steals confidential files from the Discord application.
  • Last month, researchers identified the Abaddon RAT to be the first malware to use the Discord platform for its C&C. The malware connects with Discord to check for new commands to execute.

The takeaway

Threat actors have been coming up with new tactics and tools to attack Discord users and other targets. With the platform gaining more traction due to adoption by various interest-based online communities, it is likely to garner more attention from malicious actors in cyberspace.
Cyware Publisher