Discord CDN and API abuses caused a spike in malware incidents. RATs and credential-stealing malware found in Discord servers...
Discord has once again been found hosting malware. Gamers are the platform's primary users, but the targets of malware spread through Discord have expanded far beyond gamers.
Discord lets users exchange voice and text messages instantly and organises them into servers and communities of like-minded people. According to researchers, the number of malware detections on Discord's servers has risen sharply compared to last year: Sophos, a British cybersecurity company, reported that malware detections had increased 140-fold compared to 2020.
The specific reason for this jump is Discord's content delivery network (CDN) and application programming interface (API). Threat actors abused both to host malware, steal data and set up command-and-control channels.
Most of these malware incidents involve gamers who stream their live games to Discord groups, and a lot of the malware is code meant to crash an opponent's game. The rise in data breaches and remote access trojans (RATs), Sophos stated, is highly alarming.
Most of the malware and versatile RATs in circulation focus primarily on credential theft and personal data breaches. According to a report, "The cybercriminals behind these malware campaigns used social engineering to ensure the spread of the malware. Once they acquired the credentials of a user, they used them to target other Discord users and develop a chain of attacks."
Sophos noted 9,500 malicious URLs on Discord's CDN in April, followed by an enormous spike that took the number to 17,000. As Sophos explains, Discord's servers are Google Cloud Elixir Erlang virtual machines behind Cloudflare that are open to any user, and the CDN is simply Google Cloud Storage used to share files over the Internet.
Threat actors use the Discord chat service as an effective vehicle for phishing messages and for distributing malicious URLs that lure users. Files uploaded to Discord persist indefinitely unless they are reported or deleted.
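The CDN and API abuse described above has a practical consequence for defenders: traffic from a managed workstation to Discord's file CDN, especially for executable attachments, or to a Discord webhook endpoint, is worth surfacing in proxy logs. The script below is an added example written for this article, not code from Sophos, Cisco Talos or Discord. It assumes the public hostnames cdn.discordapp.com and media.discordapp.net for the CDN and discord.com for the API, and the publicly documented attachment path shape /attachments/<channel_id>/<attachment_id>/<filename> and webhook path /api/webhooks/<id>/<token>; the proxy log format and every log line are constructed for the example.

```python
"""Flag Discord CDN attachments and API webhooks in proxy log lines.

Added example for this article; not code from Sophos, Cisco Talos or Discord.
The log format (timestamp, source IP, method, URL, status) is constructed.
"""
import os
import re
from urllib.parse import urlparse

# Assumption: Discord's public CDN and API hostnames. Verify against your own
# environment before relying on the list.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
DISCORD_API_HOSTS = {"discord.com", "discordapp.com"}

# Extensions that are unusual as chat attachments and deserve a closer look.
RISKY_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".js", ".vbs", ".ps1", ".bat", ".cmd",
    ".msi", ".jar", ".lnk", ".iso",
}

# Publicly known path shapes: /attachments/<channel>/<attachment>/<file>
# and /api[/vN]/webhooks/<id>/<token>.
ATTACHMENT_RE = re.compile(r"^/attachments/(\d+)/(\d+)/([^/?#]+)$")
WEBHOOK_RE = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/[^/?#]+$")


def classify_discord_url(url):
    """Return (category, detail) for a Discord CDN/API URL, or None otherwise."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if host in DISCORD_CDN_HOSTS:
        match = ATTACHMENT_RE.match(parsed.path)
        if not match:
            return ("discord_cdn_other", parsed.path)
        filename = match.group(3)
        ext = os.path.splitext(filename)[1].lower()
        if ext in RISKY_EXTENSIONS:
            return ("discord_cdn_risky_attachment", filename)
        return ("discord_cdn_attachment", filename)
    if host in DISCORD_API_HOSTS:
        match = WEBHOOK_RE.match(parsed.path)
        if match:
            # Detail is the webhook id; the token is deliberately not recorded.
            return ("discord_webhook", match.group(1))
    return None


def scan_proxy_log(lines):
    """Return one finding dict per log line that references a Discord CDN/API URL."""
    findings = []
    for line in lines:
        fields = line.split()
        url = next((f for f in fields if f.startswith(("http://", "https://"))), None)
        if url is None:
            continue
        result = classify_discord_url(url)
        if result is None:
            continue
        category, detail = result
        src = fields[1] if len(fields) > 1 else "?"
        findings.append({"src": src, "url": url, "category": category, "detail": detail})
    return findings


# Constructed sample log: ids and the webhook token are placeholders, not real values.
SAMPLE_PROXY_LOG = [
    "2021-07-22T10:15:03Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/holiday.png 200",
    "2021-07-22T10:15:09Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/111111111111111111/333333333333333333/update.exe 200",
    "2021-07-22T10:16:41Z 10.0.0.25 POST https://discord.com/api/webhooks/444444444444444444/EXAMPLE_TOKEN_PLACEHOLDER 204",
    "2021-07-22T10:17:00Z 10.0.0.25 GET https://www.example.com/index.html 200",
    "2021-07-22T10:17:30Z 10.0.0.30 GET https://discord.com/channels/@me 200",
]

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{finding['src']:<12} {finding['category']:<30} {finding['detail']}")
```

Ordinary browsing of discord.com is left alone; only file downloads from the CDN and posts to webhook URLs are flagged, with executable attachments marked separately so they can be prioritised. The webhook token is not stored in the finding, so the output can be shared without leaking a credential that the log itself already exposes.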
Cisco Talos published an advisory alerting users to the vulnerability of Discord and Slack to the deployment of RATs and credential-stealing malware. According to researchers at Sophos, Discord has responded to their findings and is working continuously to improve its security standards.