Discord's content delivery network, part of a gaming-oriented messaging platform, has been used by malicious users to distribute malware. According to a report by Sophos, 140 times more malware was detected and blocked on the content delivery network in the last two months than in the same period in 2020. The authors of the report, Sean Gallagher and Andrew Brandt, stated that in the second quarter of 2021, 17,000 unique links directing users to malware were detected.
Those 17,000 links cover only malware hosted by Discord itself, which stores files on Google Cloud and uses Cloudflare as its front end. Malware hosted elsewhere that takes advantage of the content delivery network may account for much more than this figure. Malicious users use Discord's chat bot APIs to issue commands to targets that have received the malware and to leak stolen data to private servers.
The main purpose of the malware is information theft:
While the malware that uses the platform varies, most of it is aimed at direct credential stealing or at data theft via a remote access Trojan, according to the report's authors. Malware targeting Android platforms, ad clickers, banking Trojans, and expired ransomware that offers no means of paying the attackers were also seen.
Some malware, such as a Minecraft installer that records keystrokes and takes screenshots, targets players, while other samples target Discord itself. This malware, in disguises ranging from proprietary browsers to 'cracked' Adobe applications, steals user login and authentication tokens.
Malicious users also harm the platform through social engineering. They send their malware to players under the pretext of generating passwords for Discord's premium Nitro service. One of these programs was found to disable dozens of security tools and Windows' built-in protection features.