Malware 'can persist indefinitely unless reported' in the chat software's cloud files.
A few weeks back, leading cybersecurity company Sophos issued a
Please login to see this link Get registered or Log in |
Sophos notes the number of malware detections over the past couple of months has grown by almost 140 times what it was for the same period last year. And part of that problem comes down to how Discord files are stored in the cloud.
"Once files are uploaded to Discord, they can persist indefinitely unless reported or deleted," the report says.
In its research into the types of malware that litter the Discord cloud storage, Sophos found a bunch of game cheating tools. Some were meant to exploit Discord integration protocols in order to crash an opponent's game, and some were advertised as 'enhancements' meant to unlock paid content, keys and bypasses. The catch is that only a few were found to contain the intended cheating software, most were actually some form of credential theft masquerading as such.
But while we laugh at the idea of cheaters getting their comeuppance, there is darker work permeating our Discord haven.
Among the cheat-bait, other nasties slink by undetected: password-hijacking malware families, spyware, fake android apps meant to nab financial info or intercept transactions. Even chat bot API exploiting malware that vies for control of channels, and some that extract stolen information only to post it into private servers.
The most common focus for Discord malware is the theft of user's personal information, using stealer malware and remote access Trojans (RATs) to do their dirty work.
Sophos explains, "The threat actors behind these operations employed social engineering to spread credential-stealing malware, then use the victims’ harvested Discord credentials to target additional Discord users."
So, while Discord does have a few tricks up its sleeve to combat malware, it cannot protect against human complacency.
Harmful files can go unreported for months, and pose a serious threat to other users. If you don't want to be an accessory to the fact, don't hesitate to pull up something that's out of place to a moderator. And of course, no matter who sends it, think twice before clicking that link that just popped up on your favorite server.
Article By Katie Wickens
Original article:
Please login to see this link Get registered or Log in |
My Take:
Well, I know some of you may think I am positing this to prove an old point that Discord is bad, and if you truly knew me, you would know that is false. I like Discord, just hate some of the crap that is with it, and design/functionality that I think is poor. But this warning, even though it is specifically on Discord right now, this stuff can happen on any platform like Skype, TS3, ect..., just as of now, Discord seems to be the target and the more areas they try making their platform cover, the more they will be targeted.
Just like I always say, just be weary of any file that is presented to you to download, also if they send you a link to a site, ALWAY, look at the URL. I don't care if it's on Discord, TS3, PM, Email, letter strapped to the foot of a pigeon, just be cautious, even if you know them because their profile could have been hijacked, which I have had a friend just last year on Steam, have his account hijacked, (He now uses a separate password and 2FA).