Security News > 2021 > October > Threat Actors Abuse Discord to Push Malware

Threat actors are abusing the core features of the popular Discord digital communication platform to persistently deliver various types of malware-in particular remote access trojans that can take over systems-putting its 150 million users at risk, researchers have found.

Researchers warn, "Many files sent across the Discord platform are malicious, pointing to a significant amount of abuse of its self-hosted CDN by actors by creating channels with the sole purpose of delivering these malicious files," according to a report published Thursday by Team RiskIQ. Initially Discord attracted gamers, but the platform is now being used by organizations for workplace communication.

CheckPoint also found that the Discord Bot API-a simple Python implementation that eases modifications and shortens the development process of bots on the platform-"Can easily turn the bot into a simple RAT" that threat actors can use "To gain full access and remote control on a user's system."

Researchers detected links and queried Discord channel IDs used in these links, which enabled them to identify domains containing web pages that link out to a Discord CDN link with a specific channel ID, they said.

The latest research isn't the first time Discord has been called out for malware problem.

In July researchers from Sophos revealed that the number of Discord malware detections rose sharply compared to last year, also observing abuse of the CDN to host malicious files.

News URL

https://threatpost.com/threat-actors-abuse-discord-to-push-malware/175663/