Check Point Software has revealed how hackers can potentially spread malware on Discord, a popular communication service used by over 150 million people globally.
Check Point Research (CPR) found early indicators of threat actors are seeking to use Discord’s infrastructure for malicious content, as malicious code geared for the Discord platform can be found on GitHub. A threat actor can use malware to abuse the core features of Discord, including Discord API and Discord Bots. Threat actors could potentially access screenshotting, key logging and executing files, to then carry out an attack. Most concerningly, the malware may be difficult to detect as it can be classified as Discord traffic, or be disguised as a legitimate program.
CPR discovered that the Discord Bot API, a simple Python implementation which eases modifications and shortens the development process, can easily turn the bot into a simple Remote Access Trojan (RAT – Tool used by malware developers to gain full access and remote control on a user’s system).
This research aims to educate users on how to better protect themselves from the spread of such malicious activity while using an application like Discord, and CPR advises users to avoid unknown websites, or only download from trusted sources in order to reduce vulnerability to malware attacks.
