Malware stored in Discord platform affecting users worldwide

The gamer community is facing a new risk through the communication platform Discord. Reports indicate that a cybercriminal group is abusing this platform to deploy malware against thousands of users. Experts at security firm Zscaler mention that attackers deploy these campaigns through the cdn.discordapp.com service.

As you may remember, Discord is an application that allows users to interact through voice calls, text messages, video calling and streaming.

The CDN service hosts multiple categories of malware, from ransomware to information-stealing software and cryptojacking tools. Experts claim that, since the beginning of their research, they have collected more than 100 unique malicious samples from Discord.

This attack variant usually begins with legitimate-looking spam emails; these messages try to force the download of a tool that will lead to the second stage of the attack.

Threat actors hide their payloads by giving them the appearance of pirated files or video game software; it should be noted that PC gamers are very attractive targets for hackers, as they use high-spec equipment. Experts mention that this is not an unprecedented attack variant, as similar campaigns have been widely documented before.

On the use of Discord as a platform for malware deployment, experts mention that threat actors gain considerable advantages this way: “When hackers place malicious files on a public Discord channel, any user can be exposed, even those who do not have an account on this platform.” What’s more, even if the malware is removed from the Discord channel, the link will still be able to redirect users to a website for malware download.
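Because these files are fetched over plain web links, a defender can hunt for them in web-proxy logs. The following is an added example, not code from Zscaler's report or from this article; the log layout, the `/attachments/` path check and the extension list are assumptions, and the log lines are constructed.

```python
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

CDN_HOST = "cdn.discordapp.com"  # host named in the article
# Assumption: extensions worth alerting on; tune to local policy.
RISKY_EXT = {".exe", ".scr", ".dll", ".msi", ".bat", ".ps1", ".vbs",
             ".js", ".zip", ".rar", ".7z", ".iso"}

# Constructed proxy log lines: time, client, method, URL, status, bytes.
SAMPLE_LOG = """\
2021-01-01T10:00:01Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/222/game_crack.exe 200 483211
2021-01-01T10:00:07Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/223/screenshot.png 200 90211
2021-01-01T10:01:12Z 10.0.0.9 GET https://CDN.DISCORDAPP.COM/attachments/333/444/Setup%2Eexe?ex=abc 200 1200345
2021-01-01T10:02:40Z 10.0.0.7 GET https://cdn.discordapp.com.example.net/attachments/1/2/a.exe 200 5000
2021-01-01T10:03:02Z 10.0.0.8 GET https://cdn.discordapp.com/attachments/555/666/invoice.pdf.scr 404 0
2021-01-01T10:04:00Z 10.0.0.3 GET https://cdn.discordapp.com/attachments/777/888/mods.ZIP 200 77000
malformed line
"""


def risky_download(url):
    """Return the decoded file name if url is a risky CDN attachment, else None."""
    parts = urlsplit(url)
    # Exact host match: look-alike hosts that merely start with the name are ignored.
    if (parts.hostname or "").lower() != CDN_HOST:
        return None
    # Decode percent-escapes so an encoded dot cannot hide the extension.
    path = PurePosixPath(unquote(parts.path))
    if len(path.parts) < 2 or path.parts[1] != "attachments":
        return None
    return path.name if path.suffix.lower() in RISKY_EXT else None


def hunt(log_text):
    """Return (client, file name, status) for each risky download in the log."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        _, client, method, url, status, _ = fields
        name = risky_download(url)
        if method == "GET" and name:
            hits.append((client, name, status))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

The status code is kept in each hit so an analyst can tell a delivered file (200) from a request for one that is no longer served.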

Zscaler’s report mentions that this recent increase in attacks through Discord is a clear sign that the approach is highly effective: “Attackers have a considerable success rate, as users see in Discord a highly reliable platform,” the experts add.

These issues are compounded because Discord does not have the best security mechanisms in the industry and lacks an option to report abusive behavior on a specific channel: “Threat actors are increasingly turning to using platforms like Discord to perform their malicious actions as it is not possible for administrators to receive reports of suspicious activity.”

This should be a wake-up call for the companies that manage these platforms, as they need to adopt security approaches that prevent these attacks before it is too late.