Skip to main content

Malware can easily abuse Discord features to attack users

Malware
(Image credit: solarseven / Shutterstock)

Cybersecurity experts have successfully demonstrated that the features of gaming-centric messaging platform Discord can easily be abused for malicious purposes.

Researchers from Check Point Research (CPR) have spotted “early signs” of malicious actors interested in exploiting some of Discord’s most useful features to target users of the platform.

“The most prominent sign is a multi-functional malware available to anyone on Github. This malware has the capability to take screenshots, download and execute additional files, and perform keylogging – all by using the core features of Discord,” write CPR researchers Idan Shechter & Omer Ventura.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Discord claims to have 19 million active servers per week that facilitate communication between its 150 millions active users, making it an attractive target for threat actors.

Discord in discord

As they analyzed the malware, which is written in Python, CPR researchers realized that the root of the problem is the Discord API that doesn’t require any type of confirmation or approval. 

Since the API is open for everyone to use, threat actors can use it to program bots that can turn the platform’s features for malicious purposes like malware development, botnet setups, C2 communication and malicious file hosting

Talking of malicious file hosting, a Sophos research claimed that in Q2 2021 it detected 17,000 unique malware URLs in the Discord content delivery network

“Because Discord messages are encrypted, users can’t easily tell if malware is attached to their communications,” says Saryu Nayyar, CEO of security vendor Gurucul.

Bad for business

The problem however doesn’t have an easy solution, and the CPR researchers believe that preventing Discord malware can’t be done without harming the Discord community. 

“All too often, developers emphasize functionality over security, and this is an example of an exploitation that probably could have been addressed with a better software design. But the Discord platform itself has to be able to collect and analyze data in real time to look for and remediate unusual activity,” believes Nayyar.

While the CPR researchers suggest that it’s up to the users’ actions to keep their devices safe, Doug Britton, CEO of cybersecurity talent acquisition firm Haystack Solutions believes that it’s time Discord does some introspection.

“Discord is an amazing product but it needs to take a deep look at the trade off between open functionality and security. Relying on users to recognize malicious intent is not a sustainable solution and becoming a RAT gateway is bad for business,” opines Britton.

Stay safe online with the best antivirus services around

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.