Discord still a hotbed of malware activity — Now APTs join the fun

October 16, 2023 at 05:37PM

Discord is increasingly being used by cybercriminals and advanced persistent threat (APT) groups to distribute malware, steal data, and target critical infrastructure. Trellix’s report highlights how Discord’s content delivery network (CDN) is used to host and deliver malicious payloads, while webhooks are abused for data theft. The report also notes that APT groups use Discord to blend their traffic with legitimate activity, making tracking and attribution difficult. Despite the growing issue, Discord has been unable to effectively address and mitigate the problem.

Key Takeaways:
– Discord is increasingly being used by hackers, including advanced persistent threat (APT) groups, to carry out malicious activities such as distributing malware, stealing data, and targeting critical infrastructure.
– Threat actors abuse Discord in three main ways: using its content delivery network (CDN) to distribute malware, modifying the Discord client to steal passwords, and abusing Discord webhooks to steal data from victims’ systems.
– At least 10,000 malware samples have been found to use Discord’s CDN to load second-stage payloads on systems.
– Malware families such as Agent Tesla, UmbralStealer, Stealerium, and zgRAT are the most prolific abusers in 2023, with campaigns running in recent months.
– Discord webhooks are used by cybercriminals to exfiltrate data from infected systems; because the exfiltration is an ordinary HTTPS POST to discord.com, the traffic appears innocuous to network monitoring tools.
– Advanced threat groups are increasingly using Discord due to the ability to blend their activities with others, making tracking and attribution difficult.
– Despite deterrents such as the limited control an attacker has over Discord’s server side and the risk of account closure, APTs continue to abuse Discord’s features.
– The potential emergence of APT malware campaigns on Discord introduces new complexity and risks to the threat landscape, enabling long-term footholds within networks.
– Discord faces challenges in distinguishing between malicious and legitimate users, and banning accounts does not necessarily prevent malicious actors from resuming their activities.
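
The two abuse patterns above (second-stage payloads pulled from cdn.discordapp.com and data pushed out through webhook POSTs) both leave recognisable URL shapes in proxy logs. The following is an added example written for this page, not code from the Trellix report: it scans constructed proxy log lines for Discord attachment and webhook URLs, rates them, redacts the webhook token (the URL itself is the secret), and decodes the snowflake IDs into creation timestamps for triage. The log line format, the regexes, the extension list and all IDs are assumptions made for the example.

```python
"""Flag Discord CDN payload downloads and webhook exfiltration in proxy logs."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from pathlib import PurePosixPath
from typing import List, Optional

# URL shapes of Discord's public CDN and webhook API (regexes written for this example):
#   attachment: https://cdn.discordapp.com/attachments/<channel_id>/<attachment_id>/<filename>
#   webhook:    https://discord.com/api/webhooks/<webhook_id>/<token>
CDN_ATTACHMENT_RE = re.compile(
    r"https?://(?:cdn|media)\.discordapp\.(?:com|net)/attachments/(\d+)/(\d+)/([^\s\"'?#]+)", re.I)
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/(\d+)/([A-Za-z0-9_-]+)", re.I)

# Extensions an endpoint has no business fetching from a chat CDN (assumed list, tune per environment).
PAYLOAD_EXTENSIONS = {".exe", ".dll", ".scr", ".ps1", ".vbs", ".js", ".jar", ".bat",
                      ".cmd", ".msi", ".bin", ".zip", ".rar", ".7z", ".iso", ".lnk"}

DISCORD_EPOCH = datetime(2015, 1, 1, tzinfo=timezone.utc)


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Discord IDs are snowflakes: the top 42 bits are milliseconds since 2015-01-01 UTC."""
    return DISCORD_EPOCH + timedelta(milliseconds=snowflake >> 22)


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    kind: str
    src: str
    detail: str


def classify_request(src: str, method: str, url: str) -> Optional[Finding]:
    """Return a Finding for one request, or None if the URL is not a Discord abuse shape."""
    m = CDN_ATTACHMENT_RE.search(url)
    if m:
        channel_id, attachment_id, filename = m.groups()
        ext = PurePosixPath(filename).suffix.lower()
        uploaded = snowflake_to_datetime(int(attachment_id)).isoformat()
        if ext in PAYLOAD_EXTENSIONS:
            return Finding("high", "cdn_payload_download", src,
                           f"{filename} (channel {channel_id}, uploaded {uploaded})")
        return Finding("low", "cdn_attachment", src, f"{filename} (uploaded {uploaded})")
    m = WEBHOOK_RE.search(url)
    if m:
        webhook_id, token = m.groups()
        created = snowflake_to_datetime(int(webhook_id)).isoformat()
        redacted = f"{token[:4]}***"  # the token is the secret; never write it out whole
        if method.upper() == "POST":
            return Finding("high", "webhook_exfil", src,
                           f"POST to webhook {webhook_id} (token {redacted}, created {created})")
        return Finding("medium", "webhook_access", src,
                       f"{method.upper()} on webhook {webhook_id} (token {redacted})")
    return None


def scan_proxy_log(text: str) -> List[Finding]:
    """Each line: <iso-time> <src-ip> <method> <url> <status> <bytes> (constructed format)."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        finding = classify_request(parts[1], parts[2], parts[3])
        if finding:
            findings.append(finding)
    return findings


# Constructed sample lines; the IDs and token are made up and refer to no real channel or webhook.
SAMPLE_PROXY_LOG = """\
2023-10-16T17:40:01Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/1163531806310400002/1163531806310400003/update.exe 200 421376
2023-10-16T17:40:05Z 10.0.0.12 POST https://discord.com/api/webhooks/1163531806310400001/AbCdEfGhIjKlMnOpQrStUvWxYz0123456789_-abcdefghijklmnopqrstuvwxyz 204 0
2023-10-16T17:41:10Z 10.0.0.33 GET https://cdn.discordapp.com/attachments/1163531806310400002/1163531806310400004/vacation.png 200 1048576
2023-10-16T17:42:00Z 10.0.0.45 GET https://discord.com/api/v9/users/@me 200 2048
"""

if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"[{f.severity:6}] {f.kind:22} {f.src:12} {f.detail}")
```

The same host pulling an executable from the CDN and then POSTing to a webhook within seconds is the sequence worth alerting on as a pair, not as two independent hits. The decoded snowflake timestamps give a first triage clue (a webhook created minutes before the first POST is rarely a legitimate integration). Discord's public webhook API also allows whoever holds the URL to delete the webhook with a DELETE request to the same path, which responders commonly use to neutralise an exfiltration channel; that step is deliberately left out of this offline example.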

Overall, Discord’s inability to effectively address abuse by cybercriminals and APT groups poses significant risks to user security and to the integrity of critical infrastructure. The platform’s scale, its encrypted traffic, and the constantly changing tactics of threat actors make it hard for Discord to distinguish malicious from legitimate users, and ongoing efforts to ban suspicious accounts may not be enough to prevent future abuse.