Persistence of malicious links and lack of ‘report abuse’ button faulted by security researchers
Cybercriminals are abusing Discord to target gamers with malware, cybersecurity firm Zscaler warns.
Discord is a popular chat app that allows users to interact with each other through voice calls, video calls, or text messaging in real time.
Zscaler has spotted a surge in campaigns relying on the cdn.discordapp.com service for their infection chain.
Cybercrime delivery network
Multiple categories of malware are being served through the CDN service, from ransomware to information stealers and crypto-miners.
Zscaler said it has caught more than 100 unique malicious samples from Discord in zscaler cloud over the last two months alone.
The attack usually starts with spam emails in which prospective marks are lured with legitimate-looking templates into downloading next-stage payloads.
RELATED Discord desktop app vulnerable to RCE via chained exploit
Malware-tainted files are disguised as cracked software or gaming software in order to target gamers – an attractive target for miscreants because they typically use high specification PCs.
The tactic is not new and has been observed in many other campaigns in the past using Discord as malware hosting platform.
Malicious links
Discord offers certain advantages to attackers compared to rival communication platforms, according to Zscaler.
Deepen Desai, CISO and VP of security research and operations at Zscaler, told The Daily Swig: “If an attacker uploads a malicious file on Discord channel and shares its public link, even non-Discord users can download it.”
Desai continued: “If the attacker deletes the malicious file within the Discord, [the] public URL can still be used to download the file, which means even though the file is deleted from the chat, it is actually not deleted from Discord CDN.”
The recent increase in cadence of attacks taken Discord can be taken as showing that the approach is effective, according to Zscaler.
“Attackers are quite successful in their attempts to ensnare Discord users as well as non-Discord users,” Desai said.
Read more of the latest security research from around the world
Discord lacks a ‘report abuse’ button found in some comparable services. This means that users would be well advised to tread carefully, Zscaler advised.
“As the use of free cloud file-sharing platforms are increasingly adopted by cybercriminals, Discord has no ‘report abuse’ button corresponding to shared file but does have a web link to report abuse which is not so user friendly like other cloud services,” Desai said.
“So, users must not download the file from unknown or untrustworthy sources, as this app allows any Discord user to join any chat group and share files.”
RECOMMENDED Container security: Privilege escalation bug patched in Docker Engine