Malware Abuses Core Features of Discord

The popular Discord online platform is becoming a tempting target for bad actors: Researchers found malware employing the core features of Discord to allow an attacker to take screenshots, run keyloggers, and download and execute files.

The underlying issue, according to Check Point Research, is that Discord's API is wide open and doesn't require confirmation or vetting. That makes it ripe for abuse in malware development, botnet creation, C2 communication, and hosting malicious files. There are some 150 million active users of the platform, for chats, voice, and video calls. 

Bottom line: The only solution is to disable all Discord bots, the researchers say. 

"Preventing Discord malware can’t be done without harming the Discord community. As a result, it’s up to the users' actions to keep their devices safe," they wrote in a report. "As of now, any type of file, malicious or not, whose size is less than 8MB can be uploaded and sent via Discord. Because the file content isn’t analyzed, malware can be easily spread via Discord. As Discord's cache is monitored by modern AVs, which alert a user in case a received file is considered malicious, the files remain available for download. Until relevant mechanisms are implemented, users must apply safety measures and only download trusted files."

Read the full report here.