Discord experiencing concentrated malware campaign

A campaign to spread malware in Discord has been uncovered, according to research from RiskIQ. Discord is a VoIP service that is most associated with gamers, but numerous other communities use the application. Most notably, corporate workplaces have been seen employing the platform in recent times. There are more than 140 million users on Discord.

The malware campaign is detailed in a post by the RiskIQ research team. The threat actors behind the campaign are using Discord's content delivery network (CDN) to store and deploy the malware. Discord communities use this CDN to share various files within their respective servers.

As RiskIQ’s post states, this is where the problems unfold:

Many files sent across the Discord platform are malicious, pointing to a significant amount of abuse of its self-hosted CDN by actors by creating channels with the sole purpose of delivering these malicious files... RiskIQ detected Discord CDN URLs containing .exe, DLL, and various document and compressed files. After reviewing the hashes on VirusTotal, we determined that more than 100 were delivering malicious content. RiskIQ detected more than eighty files from seventeen malware families, but the most common malware observed on Discord’s CDN was Trojans.

The best way for Discord users to combat this is to be very wary of any link. It doesn’t matter who it comes from. Assume that it is compromised until proven otherwise. Discord and RiskIQ have been in contact trying to remedy the issues, but security begins with individual practices. Discord, and platforms like it, are havens for social engineers as they can spoof their identities and play the part of a regular participant.

Any platform that allows anonymity, as many online communities do, can become a breeding ground for these types of attacks. As a general rule, trust no one and practice safe browsing habits.
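For defenders who want to check their own proxy or chat-export logs for the pattern RiskIQ describes, here is an added example (not from RiskIQ or the original article) that flags Discord CDN attachment links by file type and groups them by channel. The hostname `cdn.discordapp.com`, the `/attachments/<channel_id>/<attachment_id>/<filename>` layout, and the extension list are assumptions not stated on the page; the sample URLs are constructed.

```python
from collections import defaultdict
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Assumption: attachment links look like
# https://cdn.discordapp.com/attachments/<channel_id>/<attachment_id>/<filename>
CDN_HOSTS = {"cdn.discordapp.com"}
# File types named in the RiskIQ quote (.exe, DLL, documents, compressed files);
# the exact extension list is an assumption chosen for this example.
RISKY_EXT = {".exe", ".dll", ".doc", ".docm", ".xlsm", ".zip", ".rar", ".7z", ".iso"}


def classify(url):
    """Return (channel_id, filename, ext) for a risky Discord CDN link, else None."""
    parts = urlsplit(url.strip())
    # Exact host match, so look-alike hosts such as cdn.discordapp.com.example.net fail.
    if (parts.hostname or "").lower() not in CDN_HOSTS:
        return None
    segs = [unquote(s) for s in parts.path.split("/") if s]
    if len(segs) != 4 or segs[0] != "attachments":
        return None
    _, channel_id, _, filename = segs
    # Only the final suffix decides how the file is opened: "invoice.pdf.exe" is .exe.
    ext = PurePosixPath(filename.lower()).suffix
    return (channel_id, filename, ext) if ext in RISKY_EXT else None


def risky_channels(urls, min_files=2):
    """Group risky links by channel; channels serving several distinct files stand out."""
    by_channel = defaultdict(set)
    for url in urls:
        hit = classify(url)
        if hit:
            by_channel[hit[0]].add(hit[1])
    return {c: sorted(f) for c, f in by_channel.items() if len(f) >= min_files}


# Constructed sample URLs (IDs and filenames are made up for this example).
SAMPLE = [
    "https://cdn.discordapp.com/attachments/1111/2001/setup.EXE?ex=abc",
    "https://cdn.discordapp.com/attachments/1111/2002/invoice.pdf.exe",
    "https://cdn.discordapp.com/attachments/2222/2003/holiday.png",
    "https://cdn.discordapp.com/attachments/3333/2004/mods%2Ezip",
    "https://cdn.discordapp.com.example.net/attachments/1111/2005/a.exe",
]

if __name__ == "__main__":
    for u in SAMPLE:
        print(classify(u), u)
    print(risky_channels(SAMPLE))
```

A hit only means the link deserves a closer look; the RiskIQ team reached its verdicts by reviewing file hashes on VirusTotal, not from extensions alone.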


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
