Discord Continues to Harbour Malware Threats — Advanced Persistent Threats Now Part of the Mix

    Alongside its legitimate popularity, Discord has become a breeding ground for cybercriminals and advanced persistent threat (APT) groups. These actors use the platform for malware distribution, data exfiltration, and theft of authentication tokens. Trellix, a cybersecurity firm, has released a report describing how APT groups now abuse Discord, including in operations against critical infrastructure. So far, Discord has not managed to implement measures that meaningfully deter these actors or limit their activities.

    Threat actors exploit Discord in three primary ways. First, they use its content delivery network (CDN) to host and distribute malware: because the files are fetched from Discord's own trusted domain, the downloads blend in with legitimate traffic and are rarely detected or blocked. Second, they modify the Discord client itself so that it steals passwords. Third, they abuse Discord webhooks to send data stolen from the victim's system to a channel the attacker controls. Trellix's data indicates that thousands of malware samples use Discord's CDN to load second-stage payloads such as RedLine stealer and AgentTesla, and at least 17 malware families have been identified using Discord webhooks for data theft.

    Abusing Discord's CDN and webhooks lets criminals exfiltrate data stealthily: both the downloads and the webhook posts go to Discord's legitimate domains, so the traffic looks like ordinary Discord use to network monitoring tools. These methods are cheap, easy to set up, and deliver stolen data in real time. Moreover, sophisticated groups now use Discord to hide their activity among the noise of ordinary users and commodity malware, which makes tracking and attribution much harder. Trellix reports one case in which an APT group targeting critical infrastructure in Ukraine used Discord to exfiltrate victim data.
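The two network-visible abuses described above (second-stage payloads pulled from the CDN, and stolen data POSTed to webhooks) are easy to pick out of web proxy logs once you know the URL shapes involved. The detector below is an added example written for this page, not code from the Trellix report or from Discord. The hostnames and path layouts it matches (`cdn.discordapp.com/attachments/<channel>/<attachment>/<filename>` and `discord.com/api/webhooks/<id>/<token>`) are Discord's publicly known ones and are assumed here rather than taken from the page; the log format and the log lines themselves are constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed (publicly known) Discord hostnames and URL path shapes; not from the page.
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
API_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
WEBHOOK_RE = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/([A-Za-z0-9_-]+)")
ATTACHMENT_RE = re.compile(r"^/attachments/(\d+)/(\d+)/([^/?]+)")
# Extensions that are payloads, not the images and clips users normally share.
PAYLOAD_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js",
               ".jar", ".msi", ".iso", ".zip", ".rar", ".7z")
# User agents that plausibly touch Discord legitimately: browsers and the client.
CLIENT_UA_HINTS = ("Mozilla/", "Discord/", "DiscordBot")

# Constructed proxy log format: ts src method url status request_bytes "user-agent"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) (\d+) "(.*)"$')

SAMPLE_LOG = """\
2024-01-10T09:00:01Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/1111/2222/cat.png 200 48211 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2024-01-10T09:00:07Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/1111/2223/update.exe 200 913408 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2024-01-10T09:00:09Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/1111/2224/Setup.ZIP 200 402113 "Microsoft BITS/7.8"
2024-01-10T09:01:12Z 10.0.0.7 POST https://discord.com/api/webhooks/123456789012345678/aBcD-eFgH_iJkL 204 51200 "python-requests/2.31.0"
2024-01-10T09:01:20Z 10.0.0.7 POST https://discord.com/api/webhooks/123456789012345678/aBcD-eFgH_iJkL 204 67000 "python-requests/2.31.0"
2024-01-10T09:02:00Z 10.0.0.9 GET https://discord.com/api/v9/users/@me 200 1200 "Discord/1.0.9030"
"""


@dataclass
class Event:
    ts: str
    src: str
    method: str
    url: str
    status: int
    size: int
    ua: str


@dataclass
class Finding:
    src: str
    kind: str    # "cdn_payload" or "webhook_post"
    url: str
    reason: str


def parse_line(line: str):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, url, status, size, ua = m.groups()
    return Event(ts, src, method.upper(), url, int(status), int(size), ua)


def looks_like_client(ua: str) -> bool:
    return ua.startswith(CLIENT_UA_HINTS)


def classify(ev: Event):
    """Flag executable attachments pulled from the CDN and POSTs to webhook URLs."""
    u = urlparse(ev.url)
    host = (u.hostname or "").lower()
    if host in CDN_HOSTS and ev.method == "GET":
        m = ATTACHMENT_RE.match(u.path)
        if m and m.group(3).lower().endswith(PAYLOAD_EXT):
            why = "executable attachment fetched from Discord CDN"
            if not looks_like_client(ev.ua):
                why += f"; non-browser user agent {ev.ua!r}"
            return Finding(ev.src, "cdn_payload", ev.url, why)
    if host in API_HOSTS and ev.method == "POST":
        m = WEBHOOK_RE.match(u.path)
        if m:
            why = f"POST to webhook {m.group(1)} ({ev.size} bytes)"
            if not looks_like_client(ev.ua):
                why += f"; non-browser user agent {ev.ua!r}"
            return Finding(ev.src, "webhook_post", ev.url, why)
    return None


def scan(lines):
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            f = classify(ev)
            if f is not None:
                findings.append(f)
    return findings


def webhook_volume(lines):
    """Bytes POSTed per (source host, webhook id). One webhook call is easy to
    explain away; repeated or large posts from a workstation are the exfil signal."""
    totals = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.method != "POST":
            continue
        u = urlparse(ev.url)
        m = WEBHOOK_RE.match(u.path)
        if (u.hostname or "").lower() in API_HOSTS and m:
            totals[(ev.src, m.group(1))] += ev.size
    return dict(totals)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for f in scan(lines):
        print(f"{f.kind:13} {f.src:10} {f.reason}")
    print(webhook_volume(lines))
```

Two caveats for anyone adapting this. Webhook POSTs from servers that run legitimate integrations (CI, monitoring bots) are normal, so baseline those sources before alerting on the `webhook_post` kind alone; the volume-per-host view is what separates a status bot from an infostealer. And the filename and path checks only work when the proxy sees the full URL; without TLS inspection you only get the hostname from SNI, which still tells you a workstation is talking to the Discord CDN or API but not what it fetched or posted.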

    Unfortunately, Discord's scale, its encrypted traffic, the constantly changing nature of the threats, and the fact that the vast majority of its users are legitimate make it extremely hard for the company to tell malicious activity from normal use. Banning accounts suspected of malicious behaviour also does not stop attackers, who simply create new accounts and carry on. As a result, the problem is expected to get worse.

