Discord being used to distribute malware by a new threat actor

Security firm Cyberark Labs published an interesting claim to have identified a new threat group using Discord to distribute malware, in this well-argued article on their web site:
https://www.cyberark.com/resources/threat-research-blog/the-not-so-secret-war-on-discord
It would be interesting to see what Steve Gibson’s take on this article might be. Seems like the focus is more on Discord’s traditional gamer user base, but it still sounds like something to keep informed about.

Would also like Steve’s take on this.

But at the same time, a lot of this seems a bit click-baity to me. Piggybacking C&C or payload deployment off of Discord’s CDN… we could just as easily impugn Amazon S3 or any other public service provider with the same argument. It’s the nature of the platform; it’s like saying roads are bad because criminals sometimes use them.

The section on Injecting Code into Discord Source is the part that mainly caught my interest. However, unless this is a supply chain attack, wouldn’t it require users to acquire the doctored install bits from a nefarious source? As usual, dad-clicking your way through the internet is as safe as swinging a gold pocket watch while wandering through the Tenderloin at 3am.
