Check Point Software

Using Discord infrastructure for malicious intent

In 2021, Discord, a popular cross-platform application, hosted more than 19 million active servers covering different genres and topics (gaming, arts, marketing, finance, sports, etc.). According to Influencer Marketing Hub, there are currently over 150 million monthly active users.

Discord is a large-scale platform used for chats, voice calls and video. The platform offers features that give users many capabilities in terms of management, data sharing and connection preferences. However, these same features can also be used for malicious purposes such as malware development, botnet setups, C2 communication and malicious file hosting.

Check Point Software sees early indicators that threat actors are seeking to use Discord’s infrastructure for malicious intent, as malicious code geared for the Discord platform can be found on GitHub. In fact, threat actors can use malware to abuse the core features of Discord, including Discord API and Discord Bots. The potential outcome for a threat actor would be the enablement of malicious capabilities, such as screenshotting, key logging and executing files.

The Discord API does not require any type of confirmation or approval and is open for everyone to use. Due to these Discord API freedoms, the only way to prevent Discord malware is by disabling all Discord bots. Preventing Discord malware can’t be done without harming the Discord community. As a result, it’s up to the users’ actions to keep their devices safe.

As of now, any type of file, malicious or not, whose size is less than 8MB can be uploaded and sent via Discord. Because the file content isn’t analyzed, malware can easily be spread via Discord. Although Discord’s cache is monitored by modern AVs, which alert the user if a received file is considered malicious, the files themselves remain available for download. In addition, the malware may be difficult to detect, as it can be classified as Discord traffic or be disguised as a legitimate program. As such, until relevant mechanisms are implemented, users must apply safety measures and only download trusted files.

Steps to stay safe from Discord-based malware and how to spot if you’ve been infected:

Avoid visiting unsafe and unknown websites – suspicious links are always a red flag

Only download files from trusted sources – do not download a file unless you’re sure of its safety

Monitor your network’s traffic – if Discord traffic exists while Discord is not installed on the system, you may have been infected by Discord-based malware

When working with Discord bots, we highly recommend hosting unknown bots on an external server – avoid running them on your personal machine
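A defender-side check for the "monitor your network's traffic" step above, added here as an example and not Check Point's own code: it reads proxy log lines, flags hosts that talk to Discord although no Discord client is recorded as installed on them, and lists files fetched from the attachment CDN (the hosting path described earlier in the article). The log lines, host names and software inventory are constructed for the example; the list of Discord domain suffixes is an assumption based on Discord's publicly known hostnames, not something the article specifies.

```python
"""
Flag hosts generating Discord traffic without a Discord client installed.
Added example (not Check Point's code). All log lines and the inventory
are constructed; the domain suffix list is an assumption.
"""
import re
from collections import defaultdict

# Assumption: hostname suffixes used by the Discord client, API, gateway and CDN.
DISCORD_DOMAIN_SUFFIXES = ("discord.com", "discordapp.com", "discord.gg", "discordapp.net")

# Constructed inventory: hosts on which the Discord client is known to be installed.
INSTALLED_DISCORD = {"ws-01", "ws-02"}

# Constructed proxy log: "<timestamp> <source host> <destination host> <path> <bytes>".
SAMPLE_PROXY_LOG = """\
2024-01-15T09:01:12Z ws-01 gateway.discord.gg /?v=10&encoding=json 512
2024-01-15T09:02:40Z ws-02 cdn.discordapp.com /attachments/111/222/photo.png 48211
2024-01-15T09:03:05Z ws-03 discord.com /api/v10/users/@me 301
2024-01-15T09:03:09Z ws-03 cdn.discordapp.com /attachments/333/444/update.exe 2097152
2024-01-15T09:04:00Z ws-04 example.com /index.html 2048
2024-01-15T09:05:30Z srv-07 discord.com /api/v10/channels/555/messages 980
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_line(line):
    """Parse one constructed-format log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, path, size = m.groups()
    return {"ts": ts, "src": src, "dst": dst, "path": path, "bytes": int(size)}


def is_discord_host(hostname):
    """True if the destination is a Discord domain or a subdomain of one."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DISCORD_DOMAIN_SUFFIXES)


def find_suspicious_hosts(log_text, installed):
    """Return {source host: [records]} for hosts that reach Discord without a client."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_discord_host(rec["dst"]) and rec["src"] not in installed:
            hits[rec["src"]].append(rec)
    return dict(hits)


def attachment_downloads(log_text):
    """Return records for files fetched from the attachment CDN, largest first."""
    found = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dst"].lower() == "cdn.discordapp.com" and rec["path"].startswith("/attachments/"):
            found.append(rec)
    return sorted(found, key=lambda r: r["bytes"], reverse=True)


if __name__ == "__main__":
    for host, recs in find_suspicious_hosts(SAMPLE_PROXY_LOG, INSTALLED_DISCORD).items():
        print(f"[!] {host}: Discord traffic but no client installed ({len(recs)} requests)")
        for r in recs:
            print(f"    {r['ts']} {r['dst']}{r['path']}")
    print("Attachment downloads (largest first):")
    for r in attachment_downloads(SAMPLE_PROXY_LOG):
        print(f"    {r['src']} {r['path']} {r['bytes']} bytes")
```

On the constructed data, ws-03 and srv-07 are flagged because they contact the Discord API and CDN while absent from the inventory, and the 2MB `update.exe` fetched from the attachment CDN sorts to the top of the download list. In a real deployment the inventory would come from endpoint management rather than a hard-coded set, and hits should be triaged rather than treated as confirmed infections, since browser use of Discord also produces this traffic.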

The article is from Check Point Research.
