Discord experiencing concentrated malware campaign

A campaign to spread malware in Discord has been uncovered, according to research from RiskIQ. Discord is a VoIP service that is most associated with gamers, but numerous other communities use the application. Most notably, corporate workplaces have been seen employing the platform in recent times. There are more than 140 million users on Discord.

The malware campaign in question is detailed in a post by the RiskIQ research team. The threat actors behind the campaign are using Discord's own content delivery network (CDN) to store and deploy the malware. That CDN is what Discord communities use to share files within their respective servers, so a link to a malicious file looks no different from a link to any other attachment.

As RiskIQ’s post states, this is where the problems unfold:

Many files sent across the Discord platform are malicious, pointing to a significant amount of abuse of its self-hosted CDN by actors by creating channels with the sole purpose of delivering these malicious files… RiskIQ detected Discord CDN URLs containing .exe, DLL, and various document and compressed files. After reviewing the hashes on VirusTotal, we determined that more than 100 were delivering malicious content. RiskIQ detected more than eighty files from seventeen malware families, but the most common malware observed on Discord’s CDN was Trojans.

The best way for Discord users to combat this is to be very wary of any link, regardless of who it comes from. Assume a link is malicious until proven otherwise. Discord and RiskIQ have been in contact trying to remedy the issues, but security begins with individual practices. Discord, and platforms like it, are havens for social engineers because they can spoof their identities and play the part of a regular participant.
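The RiskIQ findings quoted above come down to two observable signals: attachment links pointing at Discord's CDN, and filenames ending in executable, document or archive extensions. The following is an added example, not code from the article or from RiskIQ, showing how a defender could scan chat exports or proxy logs for exactly those links before anyone clicks. The CDN hostnames (`cdn.discordapp.com`, `media.discordapp.net`) are taken from public knowledge rather than from the article, the extension list extends the article's ".exe, DLL, documents and compressed files" with other common droppers, and the sample messages are constructed for the demonstration.

```python
import re
from typing import Dict, List
from urllib.parse import unquote, urlparse

# Hostnames Discord uses for user-uploaded attachments. Assumption based on
# public knowledge of the platform, not a value taken from the article.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}

# Extensions worth flagging. RiskIQ called out .exe, DLL, documents and
# compressed files; the rest are common droppers added for this example.
RISKY_EXTENSIONS = {
    "exe", "dll", "scr", "msi", "bat", "cmd", "ps1", "js", "vbs", "jar",
    "doc", "docm", "xls", "xlsm", "pdf",
    "zip", "rar", "7z", "iso",
}

# Good-enough URL matcher for chat text; stops at whitespace and quoting.
URL_RE = re.compile(r"https?://[^\s<>\"'()]+")


def classify_url(url: str) -> Dict[str, object]:
    """Describe one URL: where it is hosted and what kind of file it names."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    # The attachment filename is the last path segment; query strings such as
    # signed-URL parameters are ignored because urlparse keeps them separate.
    filename = unquote(parsed.path.rsplit("/", 1)[-1])
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # A double extension like "Invoice.PDF.exe" is a classic lure: the visible
    # "pdf" is bait, while the final "exe" decides how the file is executed.
    lure_ext = parts[-2] if len(parts) > 2 else ""
    return {
        "url": url,
        "host": host,
        "filename": filename,
        "ext": ext,
        "discord_cdn": host in DISCORD_CDN_HOSTS,
        "risky": ext in RISKY_EXTENSIONS,
        "double_extension": bool(lure_ext) and lure_ext != ext,
    }


def scan_messages(messages: List[str]) -> List[Dict[str, object]]:
    """Return every Discord-CDN link with a risky extension, with its message."""
    flagged = []
    for msg in messages:
        for url in URL_RE.findall(msg):
            info = classify_url(url)
            if info["discord_cdn"] and info["risky"]:
                info["message"] = msg
                flagged.append(info)
    return flagged


# Constructed sample messages, not real chat data.
SAMPLE_MESSAGES = [
    "hey check this https://cdn.discordapp.com/attachments/111/222/update.exe",
    "screenshot https://cdn.discordapp.com/attachments/111/223/screen.png",
    "report: https://media.discordapp.net/attachments/111/224/Invoice.PDF.exe?ex=abc",
    "docs at https://example.com/files/tool.exe",
]


if __name__ == "__main__":
    for hit in scan_messages(SAMPLE_MESSAGES):
        marker = " (double extension)" if hit["double_extension"] else ""
        print(f"FLAG {hit['filename']}{marker}  <- {hit['url']}")
```

The scan deliberately reports only links hosted on Discord's CDN, which is the abuse the article describes; the `example.com` executable is left to whatever web filtering already covers it. In practice the flagged URLs are the input to the next step RiskIQ mentions: fetch the file in a sandbox, hash it, and check the hash against VirusTotal or an internal blocklist before deciding whether to alert or block.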

Any platform that allows anonymity, as many online communities do, can become a breeding ground for these types of attacks. As a general rule, trust no one and practice safe browsing habits.

Featured image: Flickr / Gage Skidmore

2 thoughts on “Discord experiencing concentrated malware campaign”

1. Vitaly Popovich

I would say issues with malware/viruses are nearly always related to lax rights, i.e. either using accounts with admin rights and/or admins not deploying software restriction policies.
