IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Criminals target Discord to spread malware

Gamers have credentials and financial info stolen from them in a new campaign

Cyber criminals are abusing Discord to host, spread, and control malware which targets the users of this chat service, according to new research.

According to security researchers at Sophos, the abuse of Discord has increased in popularity since last year, as 140 times more URLs hosting malware were blocked in the past two months, compared with the same period in 2020. Researchers said Discord hosts 4% of all TLS-protected malware downloads they have detected.

In the second quarter, researchers detected 17,000 unique URLs in Discord’s CDN pointing to malware. This excludes malware not hosted within Discord that leverages Discord’s application interfaces in various ways. More than 4,700 of those URLs, which point to a malicious Windows .exe file, remained active.

Researchers said the malware is often disguised as gaming-related tools and cheats. Common “cheats” seen by researchers included modifications that allowed players to disable an opponent or to access premium features for free – usually for a popular online game, such as Minecraft, Fortnite, Roblox, or Grand Theft Auto. The researchers also found a lure that offered gamers the chance to test a game in development.

Among the most prevalent threats in Discord are information stealers. Researchers said over 10% of the malware researchers found on Discord belonged to the “Bladabindi” family of information-stealing backdoors. Researchers also found password-hijacking malware, including Discord security token “loggers” built to steal Discord accounts. 

Researchers also found repurposed ransomware, backdoors, Android malware packages, and more. The analyzed files included several types of Windows ransomware that block access to data without making a ransom demand or offering victims a decryption key.

At a technical level, the researchers found some malware using the Application Programming Interface (APIs) of Discord “chatbots” to covertly communicate with and receive instructions from their command server. They also uncovered files that claim to install cracked versions of popular commercial software, such as Adobe Photoshop, and tools that claim to give the user access to the paid features of Discord Nitro, the service's premium edition.

Sean Gallagher, a senior threat researcher at Sophos said Discord provided a persistent, highly-available, global distribution network for malware operators, as well as a messaging system that these operators can adapt into command-and-control channels for their malware – in much the same way attackers have used Internet Relay Chat and Telegram

Related Resource

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

Large letter 'O' against a background of a city - whitepaper from MimecastFree download

“Discord’s vast user base also provides an ideal environment for stealing personal information and credentials through social engineering,” Gallagher said.

“Discord users, whoever they are and whatever they use the platform for, should remain vigilant to the threat of malicious content that’s lurking within the service and not just leave it to the Discord platform to identify and remove suspicious files. In addition, IT security teams should never consider any traffic from an online cloud service as inherently ‘safe’ based on the trusted nature or legitimacy of the service itself. Adversaries could be hiding anywhere.”

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Revealed: The top 200 most common passwords of 2022
cyber security

Revealed: The top 200 most common passwords of 2022

17 Nov 2022
Major security exploits expected to rise before New Year
vulnerability

Major security exploits expected to rise before New Year

1 Nov 2022
Five common data security pitfalls
Whitepaper

Five common data security pitfalls

21 Oct 2022
Ransomware activity down 11% worldwide in Q3, but rise expected
ransomware

Ransomware activity down 11% worldwide in Q3, but rise expected

20 Oct 2022

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022