"Threat Actors Abusing Discord to Spread Malware"

Researchers at Check Point have discovered new multi-function malware abusing the core functions of popular group app platform Discord. The researchers found several malicious GitHub repositories featuring malware based on the Discord API and malicious bots. The malware's features included keylogging, taking screenshots, and executing files.

Discord bots help users automate tasks on the Discord server. However, they can also be used for malicious ends, the researchers warned. For example, the Discord Bot API can easily be manipulated to turn a bot into a simple Remote Access Trojan (RAT). This doesn’t even require the Discord app to be downloaded to a target’s machine.

The researchers noted that communications between the attacker, the Discord server, and the victim’s machine are encrypted by Discord, making it much harder to detect any malware. They said that this could provide attackers with an “effortless” way to infect machines and turn them into malicious bots.

The researchers noted that the Discord API does not require any type of confirmation or approval and is open for everyone to use. Due to these Discord API freedoms, the only way to prevent Discord malware is by disabling all Discord bots. The researchers noted that preventing Discord malware can’t be done without harming the Discord community, and as a result, it is up to the users’ actions to keep their devices safe.

The researchers also found dozens of instances where threat actors used Discord as a malicious file hosting service, with their privacy protected by the app.

 

Infosecurity reports: "Threat Actors Abusing Discord to Spread Malware"

Submitted by Anonymous on