Recent malware such as ransomware, phishing kits, and broad malware campaigns have been making the news. In an ongoing campaign against the popular American community platform Discord, several malware variants, including phishing, ransomware (probably the worst kind of malware), stealers, and miners, have been detected by ThreatLabZ, a Zscaler research team.

What is Discord?

Discord is a server-based digital distribution platform that hosts topic-based channels meant for creating communities, sharing, collaborating, and chatting. It’s an ‘app’ catered towards the younger demographic, most popularly used within gaming circles (like an entertainment-focused version of Slack). Discord was released in 2015 and has become enormously popular amongst gamers, with functions such as group chat, voice chat, video, and gaming live streams. Discord does not only cater to the gaming community, though: content creators, writers, developers, streamers, and even companies such as Microsoft and Slack have transitioned to Discord. Today, over 200 million people use it, and it has become one of the most downloaded apps on the app market. Since the world has been in lockdown for a while now, younger generations in particular have been active on the internet for everything from gaming and social media to school. A large part of the young demographic is on Discord, where they socialize with friends while having access to games, chats, and live streams. Over the past few days, Zscaler’s ThreatLabZ has revealed multiple indications of malicious threats targeting gamers on the Discord community.

What is Happening With Discord?

Zscaler’s cybersecurity research team ThreatLabZ revealed that there is an ongoing malware campaign targeting Discord users. The research team’s findings list the following issues:

- Cybercriminals are hosting malicious files on the Discord CDN
- Multiple malware variants are exploiting ‘cdn.discordapp.com’
- Gamers are tricked into downloading malware-laced software
- File icons are also modified to resemble downloadable software
- Miners, stealers, and ransomware are active on Discord’s CDN

Discord CDN refers to Discord’s ‘Content Delivery Network’ (sometimes called a ‘Content Conveyance System’), which is essentially a distributed group of servers that work together in the ‘cloud’ to serve uploaded files, such as attachments, from a public URL.
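The findings above come down to two observable facts a defender can check for: executables being fetched from ‘cdn.discordapp.com’, and files whose name or icon claims one thing while their contents are something else. The following Python script is an added example, not code from the article or from Zscaler; it parses a constructed proxy log format (timestamp, client, method, URL, bytes, content type; all sample lines and byte strings are made up for this example) and flags Discord CDN downloads that look executable, and separately checks a file’s bytes against its claimed extension. The host name is the one the article names; the extension and content-type lists are assumptions a team would tune to its own environment.

```python
import re
from urllib.parse import urlparse

# Hostname named in the article. Everything else below (log format, sample
# lines, sample bytes) is constructed for this example.
DISCORD_CDN_HOST = "cdn.discordapp.com"

# Assumption: extensions Windows treats as runnable when double-clicked.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".msi", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jar", ".dll", ".hta",
}

# Assumption: content types a proxy commonly reports for Windows executables.
EXECUTABLE_CONTENT_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
}

# Constructed log line layout: <timestamp> <client> <method> <url> <bytes> <content-type>
LOG_PATTERN = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<bytes>\d+) (?P<ctype>\S+)$"
)

# Constructed sample log (not real traffic).
SAMPLE_LOG = """
2021-04-20T10:01:02Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/222/AmongUs_Setup.exe 1048576 application/x-msdownload
2021-04-20T10:01:10Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/223/screenshot.png 20480 image/png
2021-04-20T10:02:30Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/333/444/patch.scr 524288 application/octet-stream
2021-04-20T10:03:00Z 10.0.0.9 GET https://example.org/downloads/tool.zip 4096 application/zip
2021-04-20T10:04:00Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/225/notes.txt 512 text/plain
"""


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_PATTERN.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def extensions_of(filename):
    """All dot-suffixes, lowercased: 'game.png.exe' -> ['.png', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def suspicious_reasons(rec):
    """Reasons a Discord CDN download looks executable; empty list for other hosts or benign files."""
    parsed = urlparse(rec["url"])
    if parsed.hostname != DISCORD_CDN_HOST:
        return []
    filename = parsed.path.rsplit("/", 1)[-1]
    exts = extensions_of(filename)
    reasons = []
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension " + exts[-1])
        if len(exts) > 1:
            # e.g. 'wallpaper.png.exe': a second extension used to pass as an image
            reasons.append("double extension " + "".join(exts))
    if rec["ctype"] in EXECUTABLE_CONTENT_TYPES:
        reasons.append("executable content type " + rec["ctype"])
    return reasons


def scan_log(log_text):
    """Return (client, url, reasons) for every Discord CDN download that looks executable."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = suspicious_reasons(rec)
        if reasons:
            alerts.append((rec["client"], rec["url"], reasons))
    return alerts


def disguised_executable(data, filename):
    """True when the bytes carry a Windows PE 'MZ' header but the name does not
    end in an executable extension, i.e. a program dressed up as an image or
    document. A swapped icon inside a genuine .exe is not visible here; this
    only catches the name/content mismatch."""
    is_pe = data[:2] == b"MZ"
    exts = extensions_of(filename)
    claims_executable = bool(exts) and exts[-1] in EXECUTABLE_EXTENSIONS
    return is_pe and not claims_executable


# Constructed sample payloads: a minimal MZ prefix and a PNG signature.
FAKE_PE_BYTES = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56
FAKE_PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(f"{client} {url} -> {'; '.join(reasons)}")
    print("wallpaper.png is really a PE:", disguised_executable(FAKE_PE_BYTES, "wallpaper.png"))
```

On the sample log this flags the two Discord CDN downloads (the .exe and the .scr) and ignores the image, the text file, and the download from another host; the byte check is what a mail gateway or endpoint tool would run on the fetched file itself, since a URL ending in .png says nothing about what the bytes are.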

Details Concerning The Discord Malware Campaign

Cybercriminals are using emails laced with infected templates offering fake downloads. The downloads are usually a type of gaming software that lures gamers into installing them. Further details from the researchers reveal that multiple active malware campaigns are being served from the ‘cdn.discord.app’ target. According to official information from Zscaler, the malware variants are the following:

- Token grabbers
- XMRig miner
- Redline stealer
- Epsilon ransomware

Miner

In this case, the ‘XMRig’ miner malware injects itself into the user’s computer and changes system file permissions, meanwhile connecting to a server and using the computer’s resources to mine cryptocurrency.

Stealer

The ‘Redline’ stealer in this case is delivered in the same way as the miner; once running, it harvests credentials such as credit card info, cookies, logins, and passwords from the victim’s computer.

Ransomware

Dubbed the ‘Epsilon’ ransomware, in this case the malware creates a system (registry) key, encrypts the hard disk (holding it to ransom), and later blackmails the victim by displaying a ‘ransom’ note on the screen. These were the types of malware observed. It is also important to note that ‘token grabbers’ were also downloaded onto the users’ PCs; these steal Discord tokens, essentially giving the attacker access to and control over the victim’s account and servers.

The Implications of The Malware Campaign

Malware cyberattacks on Discord servers are not a new occurrence. Discord has been having issues with malware for months now, as Discord’s trouble with malware and ‘grabbers’ was noted back in October 2020. According to Zscaler, in 2020 (during the post-lockdown period) they noticed a “sharp increase in game downloads, and this activity did not go unnoticed by cybercriminals.” The popularity of games such as ‘Among Us’ (just one example) was key for cybercriminals. Cybercriminals would then exploit gamers’ hunger for gaming software and divert them into downloading illegitimate and infected versions of various games. It appears that the CDN cloud Discord uses isn’t exactly safe until a workaround is applied: malicious users can upload their files easily and then distribute the public link to others, even to “non-Discord users”.

[Images: Zscaler Research Team ThreatLabZ Warns of Discord Malware Variants]