27 Unique Malware Deliverables Discovered from Discord CDN Abuse

  • Studies have shown Discord has 27 unique malware deliverables on its CDN and channels.
  • Varieties include backdoors, password stealers, spyware and trojans.
  • Trojans are the most common of all these malware types.

Discord is arguably the most popular VoIP, instant messaging, and digital distribution platform for gaming, animation, and other related entertainment industries. Recent discoveries in cybersecurity have indicated that Discord's 140 million users might be in danger of targeted malware attacks.

Discord users are allowed to sort channel by topic and attach all types of files. This includes images, docs, other files, and even executables. All this data is stored on Discord's Content Delivery Network (CDN) servers. Studies have shown that a lot of these files are malicious in nature, and some channels are created simply to distribute these corrupted files.

RiskIQ aggregated the number of channels and hashes marked as VirusTotal. An investigation included 100 into the malicious content deliverable category. They also detected over eighty files from seventeen malware families, with the most common belonging to trojan families. Most channels will have one file for distributing malicious content.

According to Microsoft's detection and further research, Discord has 27 unique malware families basically divided into four types.

  • Backdoors: AsyncRat, Bladabindi, QuasarRAT
  • Spyware: Raccoon Stealer
  • Trojan: AgentTesla, AZORult, ClipBanker, Clipper, CryptInject, DefenseEvasion, Dridex, Formbook, Grwtpia, Mokes, NanoBot, Phonzy, RelineStealer, Sabsik, Tiggre, Wacatac, Woreflint
  • Password Stealers(PWS): DarkStealer, Dcstl, Mercurial, Mintluks, RedLine

One example is a channel's ID associated with zoom-download[.]ml which prompts users to download a Zoom plugin for MS Outlook but sends over Dcstl password stealer instead. Another channel hosted a Raccoon password stealer file from a Taplink domain which is used for hosting micro landing pages used for directing individuals to Instagram or other social media pages. AsyncRAT backdoor tricks the user into downloading what they believe as Discord Nitro to enhance text chat, voice, and video, but they end up getting infected.

 AsyncRAT hosted on Discord's CDN.

How to Watch Shetland Season 7 Online From Anywhere
Shetland is back to answer all of the questions that left us hanging at the end of the last series, and you...
Real Madrid Vs Eintracht Frankfurt Live Stream: How to Watch UEFA Super Cup Final Online From Anywhere
The new soccer season is upon us, which means it is time for the UEFA Super Cup Final. Played between the previous...
How to Watch I Am Groot Online On Disney Plus
Marvel's I Am Groot is almost here, which means Marvel fans need to add one more show to their watchlist this summer. We...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari