Binary Code

Malware on Discord

As per a report published by Sophos, four percent of malware originates from Discord's CDN

What's Discord

Discord is an application created in 2015 with over a quarter billion users; it was built to give people a space to find their own place. It is a VoIP, instant messaging and digital distribution platform designed for creating communities. Users communicate through voice calls, video calls, text messaging, media and files, either in private chats or as part of communities called "servers". It can also be used for streaming your favorite games.
Every user is assigned a tag along with a username of their choice and a profile picture, aka avatar. Discord Nitro, also known as Nitro, is a paid membership offered by Discord which gives users global access to the custom emojis of the servers they are part of, stickers, server enhancements and animated avatars; it costs $9.99/month or $99.99/year.

What is Malware?

Malware is a program created with malicious purposes, meant to harm or exploit any programmable device, service or network. Cybercriminals typically use it to extract data which they can leverage over victims for financial gain. That data can range from financial data to healthcare records to personal emails and passwords; the possibilities of what sort of information can be compromised have become endless. The most common forms of malware are viruses, keyloggers, WORM [Write Once Read Many] & ransomware.

What are CDNs?

CDNs, aka Content Delivery Networks, are geographically distributed servers which work together to provide fast delivery of Internet content. They speed up the transfer of the assets a website is made of, including the images, videos, JS & HTML files required to load the site properly. A majority of website traffic on the internet is served through CDNs, including major sites like Facebook, Amazon & Disney+. If properly configured, they can also protect websites against attacks like DDoS. There are many advantages to using one, such as better load times, reduced bandwidth costs and improved website security. Check out this article to see how you could install one on your site.

Malware Mechanism… ⚙

Malware works by infecting the system with programs which the victim installs accidentally or bundled with cracked software. It then executes malicious code causing actions the victim doesn't expect or intend; the trigger can be as simple as launching an application or clicking on a pop-up on a website. The code may replicate itself into different parts of the system {WORM}, log your keystrokes, which may include personal details and credentials for various websites, for instance your net banking passwords, encrypt your important documents, or create a backdoor which could be used for installing further applications or performing nasty actions such as surveilling you through your webcam and microphone.

What’s the fuss about?

Four percent of encrypted malware downloads originate from Discord servers. Malware hosted on Discord is nothing new, but over the past year it has become far more popular (nearly 140 times more than last year). We can send files through Discord, and by right-clicking a file we can extract its direct download link.
Attackers are taking advantage of this feature to host their malicious files, sharing the links wherever people will click them. For them it's a really easy way of hosting malware: most file sharing services don't provide static download links, and files uploaded to this platform never expire [unless the file is deleted]. Discord's servers host countless files, so it's difficult to tell the good files from the bad ones, which get lost in the ether of legitimate uploads. And since Discord is free, even if their account gets banned they can create a new one at no cost. A report published by Sophos says:

we found that four percent of the overall TLS-protected malware downloads came from one service in particular: Discord

This refers to the 4 percent of TLS-encrypted malware; TLS is the same protocol HTTPS uses to encrypt site traffic, and nearly half of malware now uses TLS to make itself harder to identify. The greatest share of malware focuses on stealing credentials and personal data, and a good portion of the malware lurking in Discord's CDN has been identified as RATs [Remote Administration Tools]; these programs are often disguised as game cheats, license key or Nitro generators. None of the malware hosted on Discord is Discord's fault: malware has to be hosted somewhere, and attackers go with whichever service is most advantageous, which at the moment is Discord.
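A defender-side illustration of the hosting pattern described above: an added example, not code from the article or from Sophos, that scans constructed proxy log lines for downloads of Discord CDN attachments whose file type or name matches the lures the article mentions. The CDN hostnames, the attachment path layout and the keyword list are assumptions; adjust them to what your own logs contain.

```python
import re
from urllib.parse import urlparse

# Assumption: these are the hosts Discord serves uploaded attachments from.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Assumed path layout: /attachments/<channel_id>/<attachment_id>/<filename> (query string ignored).
ATTACHMENT_RE = re.compile(r"^/attachments/(\d+)/(\d+)/([^/?]+)")
# Downloads of these types from a chat CDN deserve a second look.
RISKY_EXTENSIONS = {"exe", "scr", "bat", "cmd", "ps1", "js", "jar", "msi", "vbs", "zip", "rar", "7z"}
# Lure names the article mentions: game cheats, license keys, Nitro generators.
LURE_WORDS = re.compile(r"cheat|crack|keygen|generator|nitro|license", re.I)

# Constructed sample proxy log lines: client_ip method url status.
SAMPLE_LOG = """\
10.0.0.5 GET https://cdn.discordapp.com/attachments/111/222/photo.png 200
10.0.0.7 GET https://cdn.discordapp.com/attachments/111/333/Nitro_Generator.exe 200
10.0.0.9 GET https://example.com/downloads/setup.exe 200
10.0.0.7 GET https://media.discordapp.net/attachments/444/555/game_cheat.zip 200
10.0.0.3 GET https://cdn.discordapp.com/attachments/444/666/report.pdf 200
"""

def parse_attachment(url):
    """Return (channel_id, attachment_id, filename) for a Discord attachment URL, else None."""
    parsed = urlparse(url)
    if parsed.hostname not in DISCORD_CDN_HOSTS:
        return None
    m = ATTACHMENT_RE.match(parsed.path)
    return m.groups() if m else None

def classify(filename):
    """List the reasons an attachment download deserves triage (empty list = nothing flagged)."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in RISKY_EXTENSIONS:
        reasons.append("risky extension ." + ext)
    if LURE_WORDS.search(filename):
        reasons.append("lure keyword in filename")
    return reasons

def scan_log(text):
    """Return (client_ip, url, reasons) for every flagged Discord CDN download in a proxy log."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        att = parse_attachment(parts[2]) if len(parts) >= 4 else None  # None: malformed or other host
        reasons = classify(att[2]) if att else []
        if reasons:
            findings.append((parts[0], parts[2], reasons))
    return findings
```

Running `scan_log(SAMPLE_LOG)` flags only the two Discord-hosted downloads with executable or archive types and lure-style names; the non-Discord setup.exe is left for whatever rules cover that host.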

Hope you liked this article, Stay tuned for more to come!
Stay Safe & Stay Healthy!

Tagged in: Discord, Malware, CDNs, Mechanism, TLS

Dave Zachariah

Dave has been a passionate entrepreneur since the age of 16 and is currently working at Cyber Efficient with the goal of making businesses easier.