Hackers spreading malware through Discord: Report
Leading cybersecurity firm Sophos on Monday warned users that popular chat platform Discord is being used by hackers for spreading malware.
The firm said that the findings are based on analysis of more than 1,800 malicious files detected by Sophos telemetry on the Discord Content Management Network (CDN).
The cyber threats include information-stealing malware, spyware, backdoors and ransomware resurrected as “mischiefware”.
“Discord provides a persistent, highly-available, global distribution network for malware operators, as well as a messaging system that these operators can adapt into command-and-control channels for their malware — in much the same way attackers have used Internet Relay Chat and Telegram,” Sophos senior threat researcher Sean Gallagher said in a statement.
“Discord’s vast user base also provides an ideal environment for stealing personal information and credentials through social engineering,” he added.
Among other things, the research revealed how the number of URLs hosting malware on Discord’s CDN during the second quarter of 2021 increased by 140 per cent compared to the same period in 2020.
The firm said that the malware is often disguised as gaming-related tools and cheats.
The common “cheats” include modifications that allow players to disable an opponent or to access premium features for free — usually for a popular online game such as Minecraft, Fortnite, Roblox, and Grand Theft Auto.
According to the report, information-stealers are the most prevalent threat, accounting for more than 35 per cent of the malware seen.
The researchers found several password-hijacking malware, including Discord security token “loggers” built specifically to steal Discord accounts.
They also found repurposed ransomware, backdoors, Android malware packages and more.
The analysed files included several types of Windows ransomware being spread by attackers that block access to data without making a ransom demand or offer victims the chance to get a decryption key.
The Android malware comprised backdoors, droppers and financial malware designed to steal access to online bank accounts and cryptocurrency.