Discord, which is a popular gaming-centric platform, has reportedly become a new favourite tool among cybercriminals, according to research.
According to a new report from Sophos via best usa online casinos, a security company, Discord is now being used as a host to distribute and control several kinds of malware and this issue seems to be growing at a rapid pace every week. In the last two months, Sophos has been able to detect almost 140 times the number of Discord malware threats when compared to the same period last year.
In the second quarter (Q2), the security company found 17,000 unique malware URLs in the Discord content delivery network, and almost 5,000 of them are currently active on Monday. Many of these malware strains are tagged as info stealers, which are programmed to steal account credentials and other personal information.
The gaming-centric platform has become an enticing tool for cybercriminals thanks to its extensive infrastructure and its ever-growing customer base, this was revealed by Senior Threat Researcher at Sophos, Sean Gallagher.
Speaking to the media, he said: “Discord provides a persistent, highly-available, global distribution network for malware operators, as well as a messaging system that these operators can adapt into command-and-control channels for their malware.”
“Discord’s vast user base also provides an ideal environment for stealing personal information and credentials through social engineering.”
The hackers often disguise the malware as tools to help the players cheat in video games, which is mostly aimed at the younger audiences, like Roblox and Fortnite. In some other instances, some will be handed the chance to sample a new game under development.
Sophos also found out that old ransom ware from the early 2000s was circulating on the gaming-centric platform as mischief ware, which is a type of malware that rescind people’s access to files with no means of recovery.
Sophos also praised Discord’s swift response to takedown requests, while advising the users to take some steps to protect themselves against potential scams on the platform.
The company advised the platform users to use multi-factor authentication to protect against account takeover and to ensure their device is also protected by a legitimate antivirus service. The users should also refrain from downloading unlicensed software, regardless of how reputable the source is.
“Discord users, whoever they are and whatever they use the platform for, should remain vigilant to the threat of malicious content and not just leave it to the Discord platform to identify and remove suspicious files,” Gallagher continued via best payout casino.
“In addition, IT security teams should never consider any traffic from an online cloud service as inherently ‘safe’ based on the trusted nature or legitimacy of the service itself. Adversaries could be hiding anywhere.”
When asked for a comment regarding the report made by Sophos and the measures in place to avoid mass distribution of the malware, Discord said to Tech Radar via a spokesperson from the platform: “Platform security is a priority for us.
“Discord relies on a mix of proactive scannings – such as antivirus scanning – and reactive reports to detect malware and viruses on our service before they reach users. We also do proactive work to locate and remove communities misusing Discord for this purpose. Once we become aware of these cases or bad actors, we remove the content and take appropriate action on any participants.
“We value feedback from trusted sources like Sophos whose expertise can help identify malware so that we can remove it and ensure no further distribution occurs on Discord.”
