Discord is now fast becoming a favorite tool for cybercriminals

The online chat platform is increasingly being used to host malicious payloads.

Discord Desktop Client

As people around the world turn to video games to stay occupied under lockdown during the pandemic, cybercriminals have taken notice and launched new campaigns targeting gamers, according to new research from Zscaler.

These attacks often exploit the popularity of certain games such as "Among Us" to lure players into downloading fake versions that serve malware. However, cybercriminals have also begun deploying credential stealers, ransomware, and cryptominers to target gamers.

One thing most of these new campaigns have in common is that cybercriminals are leveraging the group-chatting platform Discord as a CDN for hosting their malicious payloads. While using this service to host payloads is not new, there was a recent uptick in the number of cybercriminals doing so last year.

For instance, an attacker can simply upload a malicious file to a Discord channel and share its public link with others, including people who do not use the service. Even worse, a file sent through Discord remains there forever, so even if an attacker deletes a file shared via the service, its link can still be used to download the malicious file.

Discord CDN

In a new report, Zscaler's ThreatLabZ team explained how its researchers have observed multiple payloads, including the Epsilon Redline stealer, XMRig miner, ransomware, and Discord token grabbers, shared using the service.

Many of the malicious files used in these campaigns are renamed as gaming or pirated software in an effort to trick gamers into downloading them. Cybercriminals also use file icons related to popular games to entice users into opening these files.
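Because these payloads are fetched through ordinary public attachment links and are disguised by name, one place to look for them is web proxy logs. The following is an added example, not code from Zscaler's report: it flags successful downloads of executable or archive files from Discord attachment links and groups them by attachment, so a link fetched by several clients stands out. The log layout, the extension list and the sample lines are constructed, and the URL pattern `cdn.discordapp.com/attachments/<channel_id>/<attachment_id>/<filename>` is an assumption about how attachment links are laid out.

```python
import os
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

CDN_HOST = "cdn.discordapp.com"  # assumed attachment host
ATTACHMENT = re.compile(r"^/attachments/(\d+)/(\d+)/([^/]+)$")  # assumed link layout
# Constructed list of file types worth reviewing; tune for your environment.
RISKY_EXT = {".exe", ".scr", ".dll", ".msi", ".bat", ".cmd", ".ps1",
             ".vbs", ".jar", ".zip", ".rar", ".7z", ".iso"}

def classify(url):
    """Return (attachment_key, filename) for a risky Discord CDN link, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "") != CDN_HOST:   # .hostname is already lower-cased
        return None
    m = ATTACHMENT.match(parts.path)         # query string is not part of .path
    if not m:
        return None
    channel_id, attachment_id, raw_name = m.groups()
    filename = unquote(raw_name)
    # Only the final extension decides, so "cover.png.scr" is still caught.
    if os.path.splitext(filename.lower())[1] not in RISKY_EXT:
        return None
    return f"{channel_id}/{attachment_id}", filename

def hunt(log_lines):
    """Map each risky attachment to its filename and the clients that fetched it."""
    hits = defaultdict(lambda: {"filename": None, "clients": set()})
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:                 # skip malformed lines
            continue
        _ts, client, method, url, status = fields
        if method != "GET" or status != "200":
            continue
        found = classify(url)
        if found:
            key, filename = found
            hits[key]["filename"] = filename
            hits[key]["clients"].add(client)
    return dict(hits)

# Constructed sample: timestamp, client IP, method, URL, HTTP status.
SAMPLE_LOG = [
    "2021-03-01T10:00:01Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/1001/2001/AmongUs_Setup.exe 200",
    "2021-03-01T10:02:10Z 10.0.0.9 GET https://cdn.discordapp.com/attachments/1001/2001/AmongUs_Setup.exe 200",
    "2021-03-01T10:03:00Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/1002/2002/screenshot.png 200",
    "2021-03-01T10:04:00Z 10.0.0.7 GET https://CDN.discordapp.com/attachments/1003/2003/game%20crack.PNG.SCR?ex=1 200",
    "2021-03-01T10:05:00Z 10.0.0.8 GET https://example.com/attachments/1/2/setup.exe 200",
    "2021-03-01T10:06:00Z 10.0.0.8 GET https://cdn.discordapp.com/attachments/1004/2004/tool.zip 404",
]
```

A hit is a lead for triage rather than a verdict, since legitimate files are shared the same way.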

At the same time, attackers are also using Discord for command-and-control (C&C) communication, as was seen last year with a new version of the AnarchyGrabber trojan. For those unfamiliar, C&C servers are remote hosts used to send commands to malware to be executed on an infected computer.

In their report on the matter, Zscaler's Avinash Kumar, Abhay Kant Yadav and Aditya Sharma explained how Discord's growing popularity outside of gaming and its CDN capabilities have made the service very popular among cybercriminals, saying:

“Discord is created and known to be primarily a chatting platform that is built for gamers and is now becoming increasingly very popular among other communities that are professionals for sharing information. We’re taking observation of an increase in the usage of the Discord app to deliver malicious files by attackers. Due to the static content of the distribution service, it is highly popular among threat actors to host malicious attachments that remain publicly accessible even after removing the actual files from Discord.”
