Threat actors who spread and manage malware have long abused legitimate online services. As we found during our investigation into the use of TLS by malware, more than half of network traffic generated by malware uses TLS encryption, and 20 percent of that involved the malware communicating with legitimate online services.

During the timeframe of that research, we found that four percent of the overall TLS-protected malware downloads came from one service in particular: Discord. The growing popularity of the game-centric text and voice chat platform has not failed to draw the attention of malware operators.

Discord operates its own content delivery network, or CDN, where users can upload files to share with others. The service also publishes an API, enabling developers to create new ways to interact with Discord other than through its client application. We observed significant volumes of malware hosted in Discord's own CDN, as well as malware interacting with Discord APIs to send and receive data.

[Figure: A visualization of just a small portion of the malware files hosted on Discord's content delivery network (CDN). Red-colored entries are files determined to be malicious.]

Several password-hijacking malware families specifically target Discord accounts. SophosLabs also found malware that leveraged Discord chat bot APIs for command and control, or to exfiltrate stolen information into private Discord servers or channels.

As the origins of the service were tied to online gaming, Discord's audience includes large numbers of gamers, including players of youth-oriented titles such as Fortnite, Minecraft, or Roblox. Among the malicious files we discovered in Discord's network, we found game cheating tools that target games that integrate with Discord, in-game. The tools allegedly make it possible, exploiting weaknesses in Discord's protocols, for one player to crash the game of another player. We also found applications that serve as nothing more than harmless, though disruptive, pranks.

But the greatest percentage of the malware we found have a focus on credential and personal information theft: a wide variety of stealer malware as well as more versatile RATs.
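The three abuse paths described above (executables fetched from Discord's CDN, stolen data posted to webhooks, and bot API calls used for command and control) all leave a footprint in outbound web proxy logs. The following detection script is an added example, not code from the article or from SophosLabs. The log format and the sample lines are constructed for the example; the hostnames and URL layouts it matches (cdn.discordapp.com attachment paths, /api/webhooks/ and /api/v*/channels/*/messages on discord.com) are assumptions based on Discord's publicly documented endpoints rather than anything stated on the page.

```python
import re
from collections import Counter

# Constructed sample proxy log lines: timestamp client method url status bytes.
SAMPLE_LOG = """\
2021-04-20T10:01:02Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/update.exe 200 348160
2021-04-20T10:01:09Z 10.0.0.5 POST https://discord.com/api/webhooks/333333333333333333/abcdefTOKENabcdef 204 512
2021-04-20T10:02:00Z 10.0.0.7 GET https://discord.com/api/v9/channels/444444444444444444/messages 200 2048
2021-04-20T10:03:00Z 10.0.0.9 GET https://www.example.com/index.html 200 1200
"""

# Patterns for the three abuse paths. Hostnames and URL layouts are assumptions
# drawn from Discord's public endpoints, not taken from the article.
CDN_ATTACHMENT = re.compile(r"^https?://cdn\.discordapp\.com/attachments/\d+/\d+/(?P<name>[^\s?]+)")
WEBHOOK = re.compile(r"^https?://(?:discord|discordapp)\.com/api/webhooks/(?P<id>\d+)/(?P<token>[^\s/?]+)")
BOT_MESSAGES = re.compile(r"^https?://(?:discord|discordapp)\.com/api/v\d+/channels/(?P<channel>\d+)/messages")

# Extensions that are suspicious when pulled from a chat service's CDN.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".ps1", ".jar", ".msi")


def parse_line(line):
    """Split one constructed proxy log line into its fields; return None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, method, url, status, size = parts
    return {"ts": ts, "client": client, "method": method.upper(), "url": url,
            "status": int(status), "bytes": int(size)}


def classify(entry):
    """Return (category, detail) for a Discord-related request, or None if benign."""
    url = entry["url"]
    m = CDN_ATTACHMENT.match(url)
    if m:
        name = m.group("name").lower()
        severity = "high" if name.endswith(EXECUTABLE_SUFFIXES) else "low"
        return ("cdn_download", {"file": m.group("name"), "severity": severity})
    m = WEBHOOK.match(url)
    if m and entry["method"] == "POST":
        # A webhook URL embeds its secret token: keep the id for correlation, redact the token.
        return ("webhook_exfil", {"webhook_id": m.group("id"), "token": "<redacted>",
                                  "severity": "high"})
    m = BOT_MESSAGES.match(url)
    if m:
        return ("bot_api_c2", {"channel": m.group("channel"), "severity": "medium"})
    return None


def scan_log(text):
    """Scan a whole log; return one finding dict per Discord-related request."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = parse_line(raw)
        if entry is None:
            continue
        hit = classify(entry)
        if hit:
            category, detail = hit
            findings.append({"line": lineno, "category": category,
                             "client": entry["client"], **detail})
    return findings


def summarize(findings):
    """Count findings per category, e.g. to feed an alert threshold."""
    return Counter(f["category"] for f in findings)


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print(summarize(scan_log(SAMPLE_LOG)))
```

Webhook hits are the most useful on their own, since a POST to a webhook URL from an endpoint that is not a Discord client is hard to explain benignly; CDN downloads need the executable-extension severity split because legitimate image and document sharing over the same host is common.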