
Malware Detection Increased due to Discord CDN and API Abuses

Researchers have observed a large increase in Discord-related malware detections compared with last year. A recent report claims that such incidents have increased 140 times over the previous year due to abuse of Discord's CDN and API.

What happened?

According to Sophos researchers, Discord’s CDN is often exploited by attackers for hosting malware, and the API is abused to exfiltrate stolen data.
  • Researchers observed a spike in infostealers and RATs targeting Discord.
  • The attackers behind these operations have used social engineering tricks to propagate credential-stealing malware.
  • The Discord credentials collected from victims are then used to target other users.
  • In addition, the research team discovered older malware hosted on the Discord CDN, including spyware and info stealers disguised as fake apps.

Discord and Google

Discord's servers are Google Cloud Elixir Erlang virtual machines hosted behind Cloudflare, and they can be configured to stay private and hidden. Discord's CDN, in turn, is a Google Cloud Storage bucket that makes shared files reachable from anywhere on the internet.

More insights

A quick rise in the number of URLs hosting malware on Discord’s CDN provides a clear insight into the malware problem. 
  • In April, around 9,500 malicious URLs were spotted on Discord's CDN, a figure that rose to 17,000 over the following months.
  • Researchers detected more than 4,700 active URLs delivering malicious Windows executables (.exe).
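The two abuse patterns the report describes, executables served from the Discord CDN and stolen data posted back through the Discord API, can both be picked out of ordinary web-proxy logs. The following is an added defender-side example, not code from Cyware or Sophos; it assumes a simple constructed log format and the hostnames cdn.discordapp.com, media.discordapp.net and discord.com (the latter's /api/webhooks/ path), which are assumptions rather than values taken from the article.

```python
import re
from urllib.parse import urlparse

# Assumed hostnames (not from the article): Discord's file CDN and the
# webhook endpoint of its API, the two surfaces the report says are abused.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
DISCORD_API_HOST = "discord.com"
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".scr", ".msi", ".bat", ".ps1")

# Constructed proxy log lines: "<client_ip> <method> <url> <bytes>"
SAMPLE_LOG = """\
10.0.0.5 GET https://cdn.discordapp.com/attachments/1111/2222/invoice.pdf 20480
10.0.0.7 GET https://cdn.discordapp.com/attachments/3333/4444/setup.exe 1843200
10.0.0.7 POST https://discord.com/api/webhooks/5555/AbCdEf 65536
10.0.0.9 GET https://example.com/downloads/tool.exe 2048000
10.0.0.7 GET https://cdn.discordapp.com/attachments/3333/4444/SETUP.EXE?x=1 1843200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def classify(line):
    """Return (tag, client, url) for one suspicious log line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    client, method, url, _size = m.groups()
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()          # case-insensitive; query string ignored
    if host in DISCORD_CDN_HOSTS and path.endswith(EXECUTABLE_EXTENSIONS):
        return ("discord_cdn_executable", client, url)
    if host == DISCORD_API_HOST and path.startswith("/api/webhooks/") and method == "POST":
        return ("discord_webhook_post", client, url)
    return None

def scan(log_text):
    """All findings in a block of log text, in file order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

def correlate(findings):
    """Clients that both fetched a CDN executable and posted to a webhook."""
    by_client = {}
    for tag, client, _url in findings:
        by_client.setdefault(client, set()).add(tag)
    return sorted(c for c, tags in by_client.items()
                  if {"discord_cdn_executable", "discord_webhook_post"} <= tags)

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    print(found, correlate(found))
```

A single CDN download is only a weak signal, since the same CDN serves legitimate attachments; the correlation step is what turns it into something worth an analyst's time.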

Conclusion

Discord's CDN and API provide a flexible architecture that cybercriminals frequently abuse. Further, attacks are no longer limited to gamers, as the messaging app is now used by many other groups and online communities. Users are therefore advised to exercise caution and avoid following suspicious links or downloading files shared on Discord servers or in chats.

Publisher: Cyware