The Tangled Web of Discord
Amidst the buzz of digital conversations, Discord malware thrives, with threat actors utilizing the popular platform, particularly the Discord server, as their latest hunting ground. From solo hackers to advanced persistent threat (APT) groups, no stone is left unturned as they exploit this medium to their advantage.
The Threefold Attack on Discord
The methods by which Discord falls prey to cybercriminals are three-pronged. First, they exploit the platform’s content delivery network (CDN) to disseminate their malicious software. This allows them to bypass traditional security protocols since the malware emerges from a trusted domain. Trellix research has unveiled that over 10,000 malware instances have utilized Discord’s CDN, with notable culprits being the likes of RedLine stealer and Vidar.
Secondly, threat actors have found innovative ways to modify the Discord client for the sole purpose of pilfering passwords. And lastly, they’ve weaponized Discord webhooks, tools designed for easy and efficient communication, to siphon data from unsuspecting victims’ systems.
Discord Malware’s Hall of Fame
From the vast number of malevolent software using the Discord server to further their schemes, some notorious names stand out, having been active since August 2021:
- MercurialGrabber
- AgentTesla
- Stealerium
- zgRAT … and many more.
These culprits, among others, are relentless in their pursuits, collecting a treasure trove of data ranging from login credentials to cryptocurrency wallet details, which they then funnel into their controlled Discord server. And topping the list for this year’s most proactive attackers? Agent Tesla and zgRAT, to name a few.
The Emergence of APTs in Discord
Now, sophisticated threat actors known as APTs have also joined the Discord malware fray. Their modus operandi involves using everyday tools, like Discord, enabling them to operate incognito, making their activities virtually untraceable. One noteworthy instance involves an unnamed APT group focusing their efforts on critical Ukrainian infrastructure, cleverly using spear-phishing tactics.
Trellix emphasizes the growing concern as APTs turn to platforms like Discord. Their advanced and targeted strategies allow them to burrow deep within systems, putting invaluable data and infrastructures at risk.
The Ongoing Discord Malware Struggle
The growth of Discord malware is a testament to the constant evolution of cyber threats. With the legitimate functions of the platform making it challenging to differentiate malicious intent from genuine activities, and as banning merely leads to the resurgence of new malicious accounts, Discord’s malware predicament seems poised to intensify.
Contact us to see how we can help with your IT and Security needs.
Like what you read? Follow us on Facebook, LinkedIn, Instagram, and Mastodon!