Malware can easily abuse Discord features to attack users

Malware
(Image credit: solarseven / Shutterstock)
Audio player loading…

Cybersecurity (opens in new tab) experts have successfully demonstrated that the features of gaming-centric messaging platform Discord (opens in new tab) can easily be abused for malicious purposes.

Researchers from Check Point Research (CPR) have spotted “early signs” of malicious actors interested in exploiting some of Discord’s most useful features to target users of the platform.

“The most prominent sign is a multi-functional malware (opens in new tab) available to anyone on Github. This malware has the capability to take screenshots, download and execute additional files, and perform keylogging – all by using the core features of Discord,” write CPR researchers (opens in new tab) Idan Shechter & Omer Ventura.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

Discord claims to have 19 million active servers per week that facilitate communication between its 150 millions active users, making it an attractive target for threat actors.

Discord in discord

As they analyzed the malware, which is written in Python (opens in new tab), CPR researchers realized that the root of the problem is the Discord API that doesn’t require any type of confirmation or approval. 

Since the API is open for everyone to use, threat actors can use it to program bots that can turn the platform’s features for malicious purposes like malware development, botnet setups, C2 communication and malicious file hosting (opens in new tab)

Talking of malicious file hosting, a Sophos research (opens in new tab) claimed that in Q2 2021 it detected 17,000 unique malware URLs in the Discord content delivery network (opens in new tab)

“Because Discord messages are encrypted (opens in new tab), users can’t easily tell if malware is attached to their communications,” says Saryu Nayyar, CEO of security vendor Gurucul.

Bad for business

The problem however doesn’t have an easy solution, and the CPR researchers believe that preventing Discord malware can’t be done without harming the Discord community. 

“All too often, developers emphasize functionality over security, and this is an example of an exploitation that probably could have been addressed with a better software design. But the Discord platform itself has to be able to collect and analyze data in real time to look for and remediate unusual activity,” believes Nayyar.

While the CPR researchers suggest that it’s up to the users’ actions to keep their devices safe, Doug Britton, CEO of cybersecurity talent acquisition firm Haystack Solutions believes that it’s time Discord does some introspection.

“Discord is an amazing product but it needs to take a deep look at the trade off between open functionality and security. Relying on users to recognize malicious intent is not a sustainable solution and becoming a RAT gateway is bad for business,” opines Britton.

Stay safe online with the best antivirus (opens in new tab) services around

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.