Study: Chats as a platform for malware

The enemy in my chat: the booming communication platform Discord attracts cyber criminals in droves. Users are lured with popular games such as Minecraft, Fortnite or Grand Theft Auto. SophosLabs research shows that the volume of malicious content hosted on Discord has increased 140% year over year.

Success is attractive, and apparently cyber criminals see it that way too. In a new study, SophosLabs found that Discord, a currently very successful service for voice, video and text communication with more than 150 million users worldwide, is increasingly being used as a malware distribution platform. Sophos telemetry shows that the number of URLs hosting malware on Discord's content delivery network (CDN) increased 140% in the last two months compared with the same period last year.

Malware increased by 140 percent

The study "Malware increasingly targets Discord for abuse" is based on a detailed analysis of more than 1,800 malicious files detected on the Discord CDN. It shows how cyber criminals use the popular platform to steal personal information and to distribute other malware, including defunct ransomware repurposed for sabotage and denial-of-service attacks.

"Discord offers a permanent, highly available and global distribution network for malware operators, as well as a messaging system that criminals can easily convert into command and control channels for their illegal activities," said Sean Gallagher, Senior Threat Researcher at Sophos. "Discord's huge user base provides an ideal environment for social engineering to steal personal and login information."

Chat: Malware whose only purpose is to destroy data

"These scams are not harmless," Gallagher continued. "We found malware that can steal private images from an infected device's camera, as well as ransomware from 2006 that the attackers revived for use as 'wiper' malware. This type of malware denies victims access to their data, but, unlike ransomware, there is no ransom note and no decryption key."

The focus is not only on private users. The Sophos report suggests that cyber criminals are well aware that companies are increasingly using Discord for internal or community chats. This development offers attackers a new and potentially lucrative target group, especially since security teams cannot always inspect the TLS-encrypted traffic to and from Discord and therefore cannot detect potentially dangerous activity at an early stage.

The most important findings of the SophosLabs report

  • The malware is often disguised as game-related tools and cheats, frequently for popular online games such as Minecraft, Fortnite, Roblox or Grand Theft Auto. The researchers also found a lure that offered gamers the chance to test a game still in development.
  • Information stealers are the most common threat, accounting for more than 35% of the malware detected. The Sophos researchers found several malware families that steal or exfiltrate passwords. One example is a modified Minecraft installer that installs an "extension" called "Saint" alongside the game. In fact, this is spyware that can capture keystrokes and screenshots as well as images taken directly from the camera.
  • SophosLabs also found Android malware packages that install backdoors or droppers (standalone executables whose job is to fetch and launch further malware) on the smartphone, as well as financial malware designed to steal access to online bank accounts and cryptocurrency wallets.

Stay safe on Discord

"Prank" file: a crack tool for the game Counter-Strike that only displays mocking messages (Image: Sophos).

"Discord users, regardless of whether they are private or business users and what they use the platform for, should remain vigilant against the threat of malicious content, just as with the email inbox, and not simply leave it to the provider to identify and remove suspicious files," said Gallagher. "We also recommend installing a security solution such as Sophos Home on personal devices to protect against malware and other cyber threats."

For companies using Discord for chat and collaboration in the workplace, we recommend enabling multi-factor authentication (MFA). In addition, all employees should have up-to-date malware protection on their devices, especially on those they use to access remote collaboration platforms while at work. Finally, IT security teams should never treat traffic from an online cloud service as inherently "secure" merely because the service itself is legitimate and trusted. Cyber criminals could be hiding anywhere.
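One practical way to act on that last recommendation is to stop treating Discord's CDN as implicitly benign and look for executable-type downloads from it in web-proxy logs. The script below is an added example written for this article, not code from Sophos or from the report. It relies on the public layout of Discord attachment URLs (cdn.discordapp.com or media.discordapp.net, path /attachments/<channel_id>/<attachment_id>/<filename>); the proxy log format, the sample log lines, and the IDs and filenames in them are constructed for the example, and the extension list is a starting point, not a complete one.

```python
"""Added example (not from the Sophos report): flag downloads of executable-type
files from Discord's CDN in web-proxy logs.

Assumptions: hostnames and URL layout follow Discord's public attachment URL
format (cdn.discordapp.com/attachments/<channel>/<id>/<name>); the log line
format and the sample lines below are constructed for this example."""
import re
from urllib.parse import urlparse, unquote

# Hostnames that serve user-uploaded attachments (assumption: list may be incomplete).
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}

# Extensions worth a closer look when fetched from a chat CDN. APK and JAR cover
# the Android and Minecraft-mod lures the report mentions; archives often wrap them.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".msi", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js",
    ".jar", ".apk", ".zip", ".rar", ".7z", ".iso",
}

# Constructed proxy log format: "<timestamp> <client_ip> <method> <url> <status> <bytes>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
    r"\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)
ATTACHMENT_PATH = re.compile(r"^/attachments/(?P<channel>\d+)/(?P<attachment>\d+)/(?P<name>[^/]+)$")


def classify_url(url):
    """Describe a Discord CDN attachment URL, or return None for anything else."""
    parsed = urlparse(url)
    host = parsed.hostname
    if host not in DISCORD_CDN_HOSTS:
        return None
    m = ATTACHMENT_PATH.match(parsed.path)
    if not m:
        return None
    name = unquote(m.group("name"))
    # Double extensions such as "cheat.png.exe": judge by the last one.
    ext = name[name.rfind("."):].lower() if "." in name else ""
    return {
        "host": host,
        "channel_id": m.group("channel"),
        "attachment_id": m.group("attachment"),
        "filename": name,
        "risky": ext in RISKY_EXTENSIONS,
    }


def scan_proxy_log(lines):
    """Return alerts for completed (2xx) downloads of risky files from the Discord CDN."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not in the expected format; a real pipeline would count these
        info = classify_url(m.group("url"))
        if info is None or not info["risky"]:
            continue
        if not m.group("status").startswith("2"):
            continue  # blocked or failed fetch: nothing landed on the endpoint
        alerts.append({
            "time": m.group("ts"),
            "client": m.group("client"),
            "bytes": int(m.group("bytes")),
            **info,
        })
    return alerts


# Constructed sample lines; channel/attachment IDs and filenames are made up.
SAMPLE_LOG = [
    "2021-07-22T10:01:12Z 10.0.0.15 GET https://cdn.discordapp.com/attachments/123456789012345678/234567890123456789/fortnite_aimbot_v2.exe 200 418304",
    "2021-07-22T10:01:40Z 10.0.0.15 GET https://cdn.discordapp.com/attachments/123456789012345678/234567890123456790/screenshot.png 200 88211",
    "2021-07-22T10:03:05Z 10.0.0.22 GET https://media.discordapp.net/attachments/123456789012345678/234567890123456791/Minecraft%20Installer.zip 200 7340032",
    "2021-07-22T10:04:31Z 10.0.0.22 GET https://cdn.discordapp.com/attachments/123456789012345678/234567890123456792/roblox_hack.apk 403 0",
    "2021-07-22T10:05:00Z 10.0.0.31 GET https://example.com/downloads/setup.exe 200 1024",
]

if __name__ == "__main__":
    for a in scan_proxy_log(SAMPLE_LOG):
        print(f"{a['time']} {a['client']} fetched {a['filename']} "
              f"({a['bytes']} bytes) from {a['host']}")
```

On the sample input this flags the .exe download and the zipped "Minecraft Installer", ignores the screenshot, the .exe from an unrelated host and the APK fetch the proxy blocked. The point of the channel and attachment IDs in the alert is that they let an analyst pivot: the same attachment ID turning up on several clients is a shared lure, and blocking by URL alone is pointless because the attacker simply re-uploads the file. This only works where the proxy can see the URL path, which means TLS inspection for the Discord CDN hosts; without it, all that is visible is the hostname.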

More at Sophos.com

About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage, and they offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions and security solutions for endpoints, networks, mobile devices, email and the web, backed by SophosLabs, our worldwide network of in-house threat analysis centers. Sophos is headquartered in Boston, USA, and Oxford, UK.
