PSA: Increasing amount of malware targeting Discord’s chat platform

By Ken Wong - on 26 Jul 2021, 12:30pm

Discord users are being increasingly targeted by malware. Image courtesy of Unsplash.

Popular community creation app Discord is becoming another platform for cybercriminals to reach out to new victims with malware.

Discord uses VoIP, instant messaging, and digital content distribution to allow users to communicate with voice calls, video calls, text messaging, media, and files in private chats or as part of communities called "servers".

Unfortunately, or perhaps unsurprisingly, Sophos security researchers warned that it is becoming an increasingly popular malware distribution channel.

In a blog post and report, the researchers detailed how they detected 17,000 unique URLs in Discord’s CDN pointing to malware. The number of URLs hosting malware on Discord’s CDN during the second quarter of 2021 also increased by 140% compared to the same period in 2020.


So much malware

A crack tool for the game Counter-Strike: Global Offensive fills the screen with messages taunting the user who downloaded and ran it. Image courtesy of Sophos.

The malware is often disguised as gaming-related tools and cheats. Common “cheats” seen by Sophos researchers include modifications that allow players to disable an opponent or to access premium features for free – usually for popular online games such as Minecraft, Fortnite, Roblox, and Grand Theft Auto. The researchers also found a lure that offered gamers the chance to test a game in development.

Information-stealers accounted for more than 35% of the malware seen. Sophos researchers discovered several kinds of password-hijacking malware, including Discord security token “loggers” built specifically to steal Discord accounts.

In another instance, the researchers found a modified version of a Minecraft installer that, in addition to delivering the game, installs a “mod” called “Saint”. Saint is in fact spyware, capable of capturing keystrokes and screenshots as well as images directly from the camera on an infected device.

One piece of malware they found could steal private images from the camera on an infected device, while another was ransomware from 2006 that attackers had resurrected to use as ‘mischiefware’ to deny victims access to their data.



Staying safe on Discord

On a Windows system with Discord present, it logged the user out and restarted Discord after stealing the OAuth token for the account. Image courtesy of Sophos.

Sophos recommends that organisations using Discord for workplace chat and collaboration use multi-factor authentication (MFA) to protect employees’ Discord accounts and ensure that all employees have up-to-date malware protection on any computer they use to access remote collaboration platforms for work-related projects.

Sophos also advises consumers to install a security solution on the devices that they and their families use for online communications and gaming.
