Threat Actors Abusing Discord to Spread Malware
Researchers have discovered new multi-function malware abusing the core functions of popular group app platform Discord.
Check Point explained in a blog post this morning that it found several malicious GitHub repositories featuring malware based on the Discord API and malicious bots. The malware offered various features, including keylogging, taking screenshots and executing files.
Discord bots help users automate tasks on the Discord server. However, they can also be used for malicious ends, the researchers warned.
For example, the Discord Bot API can easily be manipulated to turn a bot into a simple Remote Access Trojan (RAT). This doesn’t even require the Discord app to be downloaded to a target’s machine.
What’s more, communications between attacker, Discord server and victim’s machine are encrypted by Discord, making it much harder to detect any malware, Check Point claimed. It said that this could provide attackers with an “effortless” way to infect machines and turn them into malicious bots.
“The Discord API does not require any type of confirmation or approval and is open for everyone to use,” the researchers wrote.
“Due to these Discord API freedoms, the only way to prevent Discord malware is by disabling all Discord bots. Preventing Discord malware can’t be done without harming the Discord community. As a result, it’s up to the users’ actions to keep their devices safe.”
Check Point also found dozens of instances where threat actors used Discord as a malicious file hosting service, with their privacy protected by the app.
“As of now, any type of file, malicious or not, whose size is less than 8MB can be uploaded and sent via Discord. Because the file content isn’t analyzed, malware can be easily spread via Discord,” it concluded.
“As Discord’s cache is not monitored by modern AVs, which alert a user in case a received file is considered malicious, the files remain available for download. Until relevant mechanisms are implemented, users must apply safety measures and only download trusted files.”
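Because the traffic content is encrypted and no Discord client is needed on the infected machine, the metadata that remains useful to a defender is which process contacted Discord. The sketch below is an added example, not code from Check Point or the article; it flags Discord-bound connections from processes outside an allow-list. The event fields, the allow-list, the sample events and the Discord hostname suffixes are assumptions that do not come from the article.

```python
from collections import defaultdict

# Assumption: hostname suffixes Discord is known to use (not listed in the article).
DISCORD_SUFFIXES = ("discord.com", "discord.gg", "discordapp.com", "discordapp.net")
# Assumption: processes allowed to reach Discord on a managed endpoint.
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample events (host, process image path, DNS/SNI destination).
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Users\amy\AppData\Local\Discord\Discord.exe", "dest": "gateway.discord.gg"},
    {"host": "WS-014", "image": r"C:\Program Files\Google\Chrome\chrome.exe", "dest": "cdn.discordapp.com"},
    {"host": "WS-022", "image": r"C:\Users\bob\Downloads\invoice_viewer.exe", "dest": "discord.com"},
    {"host": "WS-022", "image": r"C:\Users\bob\Downloads\invoice_viewer.exe", "dest": "CDN.discordapp.com."},
    {"host": "WS-031", "image": r"C:\Python311\python.exe", "dest": "gateway.discord.gg"},
    {"host": "WS-040", "image": r"C:\Tools\curl.exe", "dest": "mydiscord.com"},
]

def normalize_host(dest):
    """Lower-case the hostname and drop a trailing root dot."""
    return dest.lower().rstrip(".")

def is_discord_host(dest):
    """Match the suffix on a label boundary so 'mydiscord.com' does not match."""
    dest = normalize_host(dest)
    return any(dest == s or dest.endswith("." + s) for s in DISCORD_SUFFIXES)

def process_name(image):
    """Return the lower-cased file name from a Windows or POSIX image path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()

def unexpected_discord_clients(events):
    """Return {host: sorted [(process, dest)]} for Discord traffic from unlisted processes."""
    findings = defaultdict(set)
    for ev in events:
        name = process_name(ev["image"])
        if is_discord_host(ev["dest"]) and name not in EXPECTED_PROCESSES:
            findings[ev["host"]].add((name, normalize_host(ev["dest"])))
    return {host: sorted(pairs) for host, pairs in findings.items()}

if __name__ == "__main__":
    for host, pairs in sorted(unexpected_discord_clients(SAMPLE_EVENTS).items()):
        for name, dest in pairs:
            print(f"{host}: {name} -> {dest}")
```

A name-only allow-list is passed by any binary renamed to `Discord.exe`, so in practice the check should also compare the image path or code-signing publisher.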