Malicious activity in Discord chats

In the six years since the launch of Discord's chat and VoIP service, the platform has become a popular tool for building communities of interest, especially among gamers. However, as with any other platform that hosts user-generated content, there can be security vulnerabilities on Discord. Discord's vast customization options also open the door for attacks on ordinary users, both inside and outside the chat server. A recent investigation into Discord's security revealed several cyberattack scenarios linked to its chat service, some of which can be downright dangerous for users. We tell you how to protect yourself.

Malware that spreads through Discord

Malicious files distributed via Discord pose the most obvious threat. Several dozen types of malware were identified in a recent study. We call this threat “obvious” because sharing files on Discord is so easy; each file uploaded to the platform is assigned a permanent URL in this format:

cdn.discordapp.com/attachments/{channel ID}/{file ID}/{file name}

Most of the files are available for download to anyone with the link.

The study describes a real-life example of an attack: a fake website offering downloads of the Zoom web conferencing client. The page layout resembles the real website, and the malicious file is hosted on a Discord server. This bypasses restrictions on downloading files from unknown sources. The reasoning is that the servers of a popular application used by millions of people are less likely to be blocked by anti-malware solutions.

The malicious “trick” is as obvious as the way to combat it: high-quality security solutions don't just look at the source of the download to determine a file's threat level. Kaspersky's tools, for example, detect malicious functionality the first time a user tries to download the file and then, with the help of cloud-based security, notify other users that the file must be blocked.
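The check below is an added example, not code from the study or from any vendor: it parses the attachment URL format shown above out of web-proxy records and flags downloads by file type and by the site that linked to them, rather than trusting the Discord host. The record fields (`client`, `url`, `referer`), the extension list and the sample records are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlsplit, unquote

ATTACHMENT_PATH = re.compile(r"^/attachments/(\d+)/(\d+)/([^/]+)$")
# Assumed policy list of file types worth a second look; tune for your environment.
RISKY_EXT = {".exe", ".scr", ".msi", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".jar", ".lnk", ".iso"}

def parse_attachment(url):
    """Return (channel_id, file_id, file_name) for a Discord CDN attachment URL, else None."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    if (parts.hostname or "").lower() != "cdn.discordapp.com":
        return None
    m = ATTACHMENT_PATH.match(parts.path)
    return (m.group(1), m.group(2), unquote(m.group(3))) if m else None

def is_discord_host(host):
    return host in ("discord.com", "discordapp.com") or host.endswith((".discord.com", ".discordapp.com"))

def triage(entries):
    """Flag attachment downloads by file type and by where the link came from."""
    findings = []
    for e in entries:
        parsed = parse_attachment(e["url"])
        if parsed is None:
            continue  # not a Discord attachment download
        channel_id, _file_id, name = parsed
        reasons = []
        # splitext takes the last suffix, so "doc.pdf.exe" is judged as ".exe"
        if os.path.splitext(name.lower())[1] in RISKY_EXT:
            reasons.append("executable-type file")
        ref_host = (urlsplit(e.get("referer", "")).hostname or "").lower()
        if ref_host and not is_discord_host(ref_host):
            reasons.append("linked from non-Discord site " + ref_host)
        if reasons:
            findings.append({"client": e["client"], "channel": channel_id, "file": name, "reasons": reasons})
    return findings

# Constructed proxy-log records (not real traffic); IDs and hosts are placeholders.
BASE = "https://cdn.discordapp.com/attachments/100000000000000001/"
SAMPLE = [
    {"client": "10.0.0.5", "url": BASE + "200000000000000001/ZoomInstaller.exe", "referer": "https://zoom-download.example/"},
    {"client": "10.0.0.7", "url": BASE + "200000000000000002/screenshot.png?ex=1", "referer": "https://discord.com/channels/1/2"},
    {"client": "10.0.0.9", "url": BASE + "200000000000000003/mod_loader.pdf.exe", "referer": ""},
    {"client": "10.0.0.9", "url": "https://example.org/attachments/1/2/setup.exe", "referer": ""},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The channel ID in each finding lets an analyst group downloads that came from the same upload location.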

All services that allow user-generated content uploads face misuse issues. For example, free web hosting sites are used to create phishing pages, file-sharing platforms are used to spread Trojans, and form services serve as channels for spam. Platform owners do try to combat the abuse, but the results are mixed.

It is clear that Discord developers need to implement at least basic means of protection for users. For example, the files used on a particular chat server do not need to be available to everyone. It's also a good idea to automatically check for and block known malware. In any case, this is the least of Discord's problems, and it's combated in the same way as any other method of malware distribution. However, it is not the only one that users face.

Malicious bots

Another recent study shows how easy it is to exploit Discord's bot system. Bots extend the functionality of the chat server in a number of ways, and Discord offers a wide range of options for customizing users' own chats. The researchers also reviewed another Discord misuse scenario, one that does not depend on the user having a Discord client installed. In this case, the malware uses the chat service as its communication channel. Thanks to the public API, simple registration process, and basic data encryption, a backdoor can easily and conveniently use Discord to send data about the infected system to its operator and, in turn, receive commands to execute code, download new malicious modules, and more.

This type of scenario seems very dangerous: it simplifies the job of attackers, who no longer need to build their own communication interface with infected computers and can instead use something that is already available. At the same time, it somewhat complicates the detection of malicious activity, because conversations between the backdoor and its operator can resemble normal user activity in a popular chat service.
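Because the traffic itself looks like ordinary chat use, one practical angle is to ask which program is talking to Discord. The sketch below is an added example, not taken from the study: it groups endpoint network events by machine and process and reports any process outside an allowlist that contacts Discord hosts, noting whether a Discord client was ever seen on that machine. The event fields (`machine`, `image`, `dest_host`), the allowlist and the sample events are assumptions.

```python
from collections import Counter

DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")
# Assumed allowlist of programs expected to reach Discord on a workstation.
# Names can be spoofed, so pair this with path or signature checks in practice.
EXPECTED_CLIENTS = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

def is_discord_host(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DISCORD_DOMAINS)

def unexpected_discord_clients(events):
    """Report non-allowlisted processes that connect to Discord hosts."""
    hits = Counter()
    has_client = set()  # machines where the real client was observed
    for ev in events:
        if not is_discord_host(ev["dest_host"]):
            continue
        proc = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if proc in EXPECTED_CLIENTS:
            if proc == "discord.exe":
                has_client.add(ev["machine"])
            continue
        hits[(ev["machine"], proc)] += 1
    return [
        {"machine": m, "process": p, "connections": n, "discord_client_seen": m in has_client}
        for (m, p), n in sorted(hits.items())
    ]

# Constructed endpoint telemetry (not real events); paths and hosts are placeholders.
SAMPLE_EVENTS = [
    {"machine": "WS-01", "image": r"C:\Users\a\AppData\Local\Discord\app-1.0.0\Discord.exe", "dest_host": "gateway.discord.gg"},
    {"machine": "WS-01", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "dest_host": "discord.com"},
    {"machine": "WS-02", "image": r"C:\Users\b\AppData\Roaming\updater.exe", "dest_host": "discord.com"},
    {"machine": "WS-02", "image": r"C:\Users\b\AppData\Roaming\updater.exe", "dest_host": "discord.com"},
    {"machine": "WS-02", "image": r"C:\Users\b\AppData\Roaming\updater.exe", "dest_host": "cdn.discordapp.com"},
    {"machine": "WS-02", "image": r"C:\Users\b\AppData\Roaming\updater.exe", "dest_host": "example.org"},
]

if __name__ == "__main__":
    for row in unexpected_discord_clients(SAMPLE_EVENTS):
        print(row)
```

A hit on a machine where `discord_client_seen` is false matches the scenario in which no Discord client is installed at all.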

Protection for gamers

While the above threats apply to all Discord users, they mainly concern those who use Discord as a gaming add-on: for voice and text communication, broadcasting, gathering game statistics, and so on. This kind of use involves a lot of customization and increases users' risk of finding and installing malicious extensions.

The relaxed and apparently safe environment is actually another threat, as it increases the success rate of social engineering techniques: the lure is best hidden in a relaxed chat with people you consider your friends. We recommend using the same digital hygiene rules on Discord that you use anywhere else on the web: don't click on suspicious links or download unknown files; be wary of offers that sound too good to be true; and avoid sharing your personal or financial information.

As for Trojans and backdoors, whether based on Discord or only distributed via the platform, they are not special or fundamentally different from other types of malware. Use a reputable antivirus application to keep yourself safe, leave it running at all times, even when installing any software or adding bots to a chat server, and heed its warnings.
