Discord: Domain for Cybercrime
Since the pandemic started, online services of all kinds have gained popularity. People turned to the internet for school and work, to play games, to party virtually, and to engage in all sorts of other activities. Cybercriminals took advantage of this growing popularity and started targeting users, administrators and gamers. Beyond that, cybercriminals and remote attackers are using group-chat platforms like Discord as a content delivery network (CDN) to host their malicious payloads.
What do researchers have to say?
- A recent report by Zscaler’s ThreatLabZ team says the service is being used to host various payloads, such as Discord token grabbers, Epsilon ransomware, the XMRig miner and the Redline stealer.
- Many campaigns rely on the “cdn.discordapp.com” service for the infection chain.
- Files containing malware are renamed to look like gaming software or pirated software in order to trick users.
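
One way a defender could triage the pattern described above, as an added example that is not from the original article or the ThreatLabZ report: it scans web-proxy log lines for executable or archive downloads from cdn.discordapp.com. The log layout, extension lists, lure keywords and sample lines are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

CDN_HOST = "cdn.discordapp.com"  # host named in the article
# Assumptions: extension lists, lure keywords and the log layout are illustrative.
RISKY_EXT = {".exe", ".scr", ".dll", ".msi", ".bat", ".ps1", ".vbs",
             ".jar", ".lnk", ".iso", ".zip", ".rar"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt"}
LURE = re.compile(r"crack|keygen|cheat|patch|activator|free|setup", re.I)

def triage(line):
    """Return a finding dict for a risky Discord CDN download, else None."""
    parts = line.split()
    if len(parts) < 6:
        return None  # malformed or truncated log line
    ts, client, method, url, status, _size = parts[:6]
    u = urlsplit(url)
    # Exact host match, so look-alike hosts with extra labels are not counted
    if (u.hostname or "") != CDN_HOST or method != "GET" or status != "200":
        return None
    name = unquote(posixpath.basename(u.path))  # query string is ignored
    stem, ext = posixpath.splitext(name)
    ext = ext.lower()
    if ext not in RISKY_EXT:
        return None
    reasons = ["risky-extension:" + ext]
    if LURE.search(name):
        reasons.append("lure-keyword")
    # A document-style inner extension ("invoice.pdf.scr") hides the real type
    if posixpath.splitext(stem)[1].lower() in DECOY_EXT:
        reasons.append("double-extension")
    return {"time": ts, "client": client, "file": name, "reasons": reasons}

def scan(lines):
    """Triage every line and keep only the findings."""
    return [f for f in map(triage, lines) if f]

SAMPLE_LOG = [  # constructed lines, not real traffic
    "2021-06-01T10:00:01Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/222/Game_Crack_Setup.exe 200 734003",
    "2021-06-01T10:00:09Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/111/333/screenshot.png 200 20481",
    "2021-06-01T10:01:30Z 10.0.0.9 GET https://CDN.discordapp.com/attachments/111/444/invoice.pdf.scr?ex=abc 200 91022",
    "2021-06-01T10:02:00Z 10.0.0.5 GET https://example.org/files/tool.exe 200 5120",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for review rather than a verdict, since legitimate users also share installers and archives over Discord.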
When Discord became a target:
In January this year, cybersecurity researchers revealed malicious packages published on the NPM open-source repository. MalwareHunterTeam found an example of an NPM package that used webhooks to steal Discord user tokens. A stolen token allows the attacker to hack the major servers. Other packages designed for stealing include discord-fix, sonatype, and anon-chat-lib.
When Discord became an attacking domain:
Scammers are finding easy ways to get cash using Discord servers, and they also use them for exchanging cryptocurrency. The scammers found their way into the servers and sent personal messages to users. These messages appeared to come from cryptocurrency exchanges.
Discord has become increasingly popular among professionals, organizations, and communities for organizing virtual get-togethers and sharing media. At the same time, remote attackers are taking control of these platforms to make money and gain access to confidential information. Users need to be careful while using these services.