Cybersecurity experts have successfully demonstrated that the features of gaming-centric messaging platform Discord can easily be abused for malicious purposes.
Researchers from Check Point Research (CPR) have spotted “early signs” of malicious actors interested in exploiting some of Discord’s most useful features to target users of the platform.
“The most prominent sign is a multi-functional malware available to anyone on Github. This malware has the capability to take screenshots, download and execute additional files, and perform keylogging – all by using the core features of Discord,” write CPR researchers Idan Shechter & Omer Ventura.
Discord claims to have 19 million active servers per week that facilitate communication between its 150 millions active users, making it an attractive target for threat actors.
Discord in discord
As they analyzed the malware, which is written in Python, CPR researchers realized that the root of the problem is the Discord API that doesn’t require any type of confirmation or approval.
Since the API is open for everyone to use, threat actors can use it to program bots that can turn the platform’s features for malicious purposes like malware development, botnet setups, C2 communication and malicious file hosting.
Talking of malicious file hosting, a Sophos research claimed that in Q2 2021 it detected 17,000 unique malware URLs in the Discord content delivery network.
“Because Discord messages are encrypted, users can’t easily tell if malware is attached to their communications,” says Saryu Nayyar, CEO of security vendor Gurucul.
Bad for business
The problem however doesn’t have an easy solution, and the CPR researchers believe that preventing Discord malware can’t be done without harming the Discord community.
“All too often, developers emphasize functionality over security, and this is an example of an exploitation that probably could have been addressed with a better software design. But the Discord platform itself has to be able to collect and analyze data in real time to look for and remediate unusual activity,” believes Nayyar.
While the CPR researchers suggest that it’s up to the users’ actions to keep their devices safe, Doug Britton, CEO of cybersecurity talent acquisition firm Haystack Solutions believes that it’s time Discord does some introspection.
“Discord is an amazing product but it needs to take a deep look at the trade off between open functionality and security. Relying on users to recognize malicious intent is not a sustainable solution and becoming a RAT gateway is bad for business,” opines Britton.
Stay safe online with the best antivirus services around
