17,000 'malicious URLs' spread by hackers on Discord

Discord is a purveyor to gamers who can communicate by text and voice and exchange files. However, it has been reported that hackers take advantage of its simplicity and large number of users to spread malicious URLs and infect users with malware.

Malware gradually targets Discord for abuse – Sophos News


Hackers Use Discord For Spreading Malware --14,000 Malware URLs Reported | Tech Times


According to Sophos , which develops security software, from January to March 2021, 17,000 URLs of sites containing malware were detected on Discord. Some of these malware used Discord's BOT API to steal personal and credential information.

In addition, some of the spread URLs distribute files disguised as cheat tools and unlocking tools for paid content for game titles that are of interest to young people such as 'Fort Knight', and one of these tools. According to the department, malware that uses Discord's protocol to crash another player's game was found.

Below is an image of a small part of the malware found on Discord's proprietary content delivery network (CDN). Files in red are determined to be malicious.

The following is malware detected by software that mimics a cheat tool for the game 'Counter-Strike: Global Offensive'. A number of words that abuse the user are displayed, and there are also a number of malware aimed at such less harmful 'mischief'.

At sites where malware is executed, obfuscated JavaScript collects system information and credentials of Discord and other sites and sends the data to the hacker's Discord channel.

PCs are not the only target of malware. The URL to distribute the APK file for Android has also been spread, and Sophos says it found 205. The one enclosed in the red frame in the image below is the one downloaded from the URL that distributes this APK file. At first glance, these apps look like ordinary apps, but they are malicious apps that illegally click on in-app ads or install backdoors.

'Discord is a continuous service that provides a messaging API that can be easily controlled by malware. For hackers, deploying a large infrastructure to users. Discord is a fascinating tool because of its large number. '

In April 2021, Sophos reported to Discord 9500 URLs that continue to distribute malware. Sophos also mentions that Discord is quick to respond to malicious URL removal requests, but Sophos says, 'Users don't assume that the data they exchange is safe just because the service they use is safe. , You need to pay attention to malicious content. '

in Web Service,   Security, Posted by log1p_kr