- This Samsung phone is the model most people should buy (and it's not a flagship)
- The 50+ best Black Friday Walmart deals 2024: Early sales live now
- How to Dockerize WordPress | Docker
- The smartwatch with the best battery life I've tested is also one of the cheapest
- One of the most immersive portable speakers I've tested is not made by Sony or Bose
Threat Actors Abusing Discord to Spread Malware
Researchers have discovered new multi-function malware abusing the core functions of popular group app platform Discord.
Check Point explained in a blog post this morning that it found several malicious GitHub repositories featuring malware based on the Discord API and malicious bots. It included various features, including keylogging, taking screenshots and executing files.
Discord bots help users automate tasks on the Discord server. However, they can also be used for malicious ends, the researchers warned.
For example, the Discord Bot API can easily be manipulated to turn a bot into a simple Remote Access Trojan (RAT). This doesn’t even require the Discord app to be downloaded to a target’s machine.
What’s more, communications between attacker, Discord server and victim’s machine are encrypted by Discord, making it much harder to detect any malware, Check Point claimed. It said that this could provide attackers with an “effortless” way to infect machines and turn them into malicious bots.
“The Discord API does not require any type of confirmation or approval and is open for everyone to use,” the researchers wrote.
“Due to these Discord API freedoms, the only way to prevent Discord malware is by disabling all Discord bots. Preventing Discord malware can’t be done without harming the Discord community. As a result, it’s up to the users’ actions to keep their devices safe.”
Check Point also found dozens of instances where threat actors used Discord as a malicious file hosting service, with their privacy protected by the app.
“As of now, any type of file, malicious or not, whose size is less than 8MB can be uploaded and sent via Discord. Because the file content isn’t analyzed, malware can be easily spread via Discord,” it concluded.
“As Discord’s cache is not monitored by modern AVs, which alert a user in case a received file is considered malicious, the files remain available for download. Until relevant mechanisms are implemented, users must apply safety measures and only download trusted files.”
