In the six years since the launch of Discord's chat and VoIP service, the platform has become a popular tool for building communities of interest, especially among gamers. However, as with any other platform that hosts user-generated content, there can be security vulnerabilities on Discord. Discord's vast customization options also open the door for attacks on ordinary users, both inside and outside the chat server. A recent investigation into Discord's security revealed several cyberattack scenarios linked to its chat service, some of which can be downright dangerous for users. We tell you how to protect yourself.
Malware that spreads through Discord
Malicious files distributed via Discord pose the most obvious threat. Several dozen types of malware were identified in a recent study. We call this threat “obvious” because sharing files on Discord is so easy; each file uploaded to the platform is assigned a permanent URL in this format:
cdn.discordapp.com/attachments/{channel ID}/{file ID}/{file name}
Most of the files are available for download to anyone with the link.
The study describes a real-life example of an attack: a fake website offering downloads of the Zoom web conferencing client. The page layout resembles the real website, and the malicious file is hosted on a Discord server. This bypasses restrictions on downloading files from unknown sources. The reasoning is that the servers of a popular application used by millions of people are less likely to be blocked by anti-malware solutions.
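The URL format above gives defenders something concrete to search for in web proxy logs. The following is an added example, not code from the study or from Discord: it parses attachment URLs and flags executable downloads, marking those reached from a non-Discord page as in the fake Zoom site case. The log layout, the extension list, the referer domains and all sample values are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import unquote, urlsplit

# URL format from the article: cdn.discordapp.com/attachments/{channel ID}/{file ID}/{file name}
CDN_HOST = "cdn.discordapp.com"
ATTACHMENT_PATH = re.compile(r"^/attachments/(\d+)/(\d+)/([^/]+)$")
# Assumption: extensions worth alerting on; adjust to local policy.
RISKY_EXT = {".exe", ".msi", ".scr", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".jar", ".lnk"}
# Assumption: a referer on these domains means the link was followed inside Discord.
DISCORD_SITES = ("discord.com", "discordapp.com")

def parse_attachment(url):
    """Return (channel_id, file_id, file_name) for a Discord attachment URL, else None."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    if (parts.hostname or "").lower() != CDN_HOST:
        return None
    match = ATTACHMENT_PATH.match(parts.path)
    if not match:
        return None
    return match.group(1), match.group(2), unquote(match.group(3))

def from_discord(referer):
    """True when the referer host is a Discord site or one of its subdomains."""
    host = (urlsplit(referer).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in DISCORD_SITES)

def flag_downloads(log_lines):
    """Flag executable downloads from the Discord CDN; lines are 'time client url referer'."""
    findings = []
    for line in log_lines:
        _time, client, url, referer = line.split()
        parsed = parse_attachment(url)
        if parsed is None:
            continue
        # splitext takes the last extension, so 'report.pdf.exe' is caught as .exe
        ext = os.path.splitext(parsed[2].lower().rstrip(". "))[1]
        if ext in RISKY_EXT:
            # A non-Discord referer matches the fake download page scenario above.
            off_site = referer != "-" and not from_discord(referer)
            findings.append({"client": client, "file": parsed[2], "off_site": off_site})
    return findings

# Constructed sample proxy log (not real traffic).
SAMPLE_LOG = [
    "2021-01-01T10:00:00Z 192.0.2.5 https://cdn.discordapp.com/attachments/111/222/ZoomInstaller.exe https://zoom-download.example/",
    "2021-01-01T10:01:00Z 192.0.2.6 https://cdn.discordapp.com/attachments/111/333/screenshot.png https://discord.com/channels/1/2",
    "2021-01-01T10:02:00Z 192.0.2.7 https://cdn.discordapp.com/attachments/111/444/mod_loader.exe https://discord.com/channels/1/2",
    "2021-01-01T10:03:00Z 192.0.2.8 https://example.org/attachments/1/2/setup.exe -",
]

if __name__ == "__main__":
    for finding in flag_downloads(SAMPLE_LOG):
        print(finding)
```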
The malicious “trick” is as obvious as the way to combat it: High-quality security solutions don't just look at the source of the download to determine a file's threat level. Kaspersky's tools immediately detect malicious functionality the first time a user tries to download the file, for example, and then, with the help of cloud-based security, notify other users that the file must be blocked.
All services that allow user-generated content uploads face misuse issues. For example, free web hosting sites are used to create phishing pages, while file-sharing platforms are used to proliferate Trojans. Form services serve as channels for spam, and so on. Platform owners do try to combat the problem, but the results are mixed.
It is clear that Discord developers need to implement at least basic means of protection for users. For example, the files used on a particular chat server do not need to be available to everyone. It's also a good idea to automatically check for and block known malware. In any case, this is the least of Discord's problems, and it's combated in the same way as any other method of malware distribution. However, it is not the only threat that users face.
Malicious bots
Another recent study shows how easy it is to exploit Discord's bot system. Bots extend the functionality of the chat server in a number of ways, and Discord offers a wide range of options for customizing users' own chats. The researchers also reviewed another Discord misuse scenario, which does not depend on the user having a Discord client installed. In this case, the malware uses the chat service to communicate. Thanks to the public API, simple registration process, and basic data encryption, a backdoor can easily and conveniently use Discord software to send data about the infected system to its operator and, in turn, receive commands to execute code, download new malicious modules, and more.
This type of scenario seems very dangerous; it simplifies the job of attackers, who then do not need to create a communication interface with infected computers, but can use something that is already available. At the same time, it somewhat complicates the detection of malicious activity, as conversations between the backdoor and its operator can resemble normal user activity in a popular chat room.
Protection for gamers
While the above threats apply to all Discord users, they mainly concern those who use Discord as a game plugin: for voice and text communication, broadcasting, gathering game statistics, etc. This kind of use involves extensive customization and increases users' risk of finding and installing malicious extensions.
The relaxed and apparently safe environment is actually another threat, as it increases the success rate of social engineering techniques: the lure is best hidden in a relaxed chat with people you consider your friends. We recommend using the same digital hygiene rules on Discord that you use anywhere else on the web: don't click on suspicious links or download unknown files; be wary of offers that sound too good to be true; and avoid sharing your personal or financial information.
As for Trojans and backdoors, whether based on Discord or only distributed via the platform, they are not special or fundamentally different from other types of malware. Use a reputable antivirus application to keep yourself safe, leave it running at all times, even when installing any software or adding bots to a chat server, and heed its warnings.