Malware can easily abuse Discord features to attack users

Asia's Tech News Daily

Malware can easily abuse Discord features to attack users
© Provided by TechRadar Malware

Cybersecurity experts have successfully demonstrated that the features of gaming-centric messaging platform Discord can easily be abused for malicious purposes.

Researchers from Check Point Research (CPR) have spotted “early signs” of malicious actors interested in exploiting some of Discord’s most useful features to target users of the platform.

“The most prominent sign is a multi-functional malware available to anyone on Github. This malware has the capability to take screenshots, download and execute additional files, and perform keylogging – all by using the core features of Discord,” write CPR researchers Idan Shechter & Omer Ventura.

TechRadar needs you!

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

>> Click here to start the survey in a new window <<

Discord claims to have 19 million active servers per week that facilitate communication between its 150 millions active users, making it an attractive target for threat actors.

Discord in discord

As they analyzed the malware, which is written in Python, CPR researchers realized that the root of the problem is the Discord API that doesn’t require any type of confirmation or approval. 

Since the API is open for everyone to use, threat actors can use it to program bots that can turn the platform’s features for malicious purposes like malware development, botnet setups, C2 communication and malicious file hosting

Talking of malicious file hosting, a Sophos research claimed that in Q2 2021 it detected 17,000 unique malware URLs in the Discord content delivery network

“Because Discord messages are encrypted, users can’t easily tell if malware is attached to their communications,” says Saryu Nayyar, CEO of security vendor Gurucul.

Bad for business

The problem however doesn’t have an easy solution, and the CPR researchers believe that preventing Discord malware can’t be done without harming the Discord community. 

“All too often, developers emphasize functionality over security, and this is an example of an exploitation that probably could have been addressed with a better software design. But the Discord platform itself has to be able to collect and analyze data in real time to look for and remediate unusual activity,” believes Nayyar.

While the CPR researchers suggest that it’s up to the users’ actions to keep their devices safe, Doug Britton, CEO of cybersecurity talent acquisition firm Haystack Solutions believes that it’s time Discord does some introspection.

“Discord is an amazing product but it needs to take a deep look at the trade off between open functionality and security. Relying on users to recognize malicious intent is not a sustainable solution and becoming a RAT gateway is bad for business,” opines Britton.

Stay safe online with the best antivirus services around

Internet Explorer Channel Network
Asia's Tech News Daily
News Related

OTHER NEWS

Parliamentary panel on Data Protection Bill to seek extension for report submission

Representative image The Joint Committee of Parliament (JCP) on the Personal Data Protection Bill will move a motion in Lok Sabha on December 1 seeking extension of time for presentation ... Read more »

Toyota: First UK Human Support Robot Home Trial at the Home of Anthony Walsh

© Getty Images Anthony Walsh Meets HSR Anthony Walsh lived in Southgate, North London, with his wife Siobhan and two young children.  He was diagnosed with MND in May 2021 ... Read more »

Live Cyber Monday deals still available

Read more »

COVID-19: Mild and moderate cases during pregnancy doesn't harm babies' brains, finds study

Parents should be reassured, there is "no evidence that a maternal SARS-CoV-2 infection has any effect on the brain development of the unborn child" say scientists. Read more »

OnePlus 8 series gets stable Android 12 update in the form of Paranoid Android Sapphire Alpha

Android 12 was finally released in its stable form on October 4 and the source code of the same was uploaded to AOSP on that particular day. The Paranoid Android ... Read more »

RNLI lifeboat 'blocked from going to rescue migrants by angry fishermen'

The RNLI Hastings lifeboat heads out to sea during a training exercise. (File photo: PA) A group of angry fishermen blocked a lifeboat from going to sea to rescue migrants ... Read more »

Johnson admits Moderna CEO 'probably right' about Omicron

Boris Johnson admits Moderna CEO Stephane Bancel is “probably right” about the possibility that current vaccines may struggle against the new Omicron Covid variant. He stresses though that Bancel was ... Read more »

Best Bluetooth speaker deals live now: Bose, JBL, Ultimate Ears and more

Online retailers often run so many Bluetooth speaker deals, you may find yourself thinking ‘where do I start’? Well, we humbly suggest that if you want the sonic performance to ... Read more »

Woman awarded $2.1 million in damages after Walmart got her arrested for shoplifting

An Alabama woman who says she was falsely arrested for shoplifting at a Walmart and then threatened by the company after her case was dismissed has been awarded USD 2.1 ... Read more »

MI6 boss warns of cyber threat from China

© Stefan Rousseau/PA Wire/PA Images Richard Moore Richard Moore will say terrorists, organised crime gangs and hostile states are wreaking havoc in both the physical and digital worlds. The Chief ... Read more »

Best identity management software of 2021

The best identity management software makes it simple and easy to implement and manage user authentication with Single Sign-On (SSO) apps. The best identity management software Click the links below ... Read more »

These Google Pixelbook Go Cyber Monday deals are brilliant...and end today

Out of the many Chromebooks you can currently buy, the Google Pixelbook Go is easily one of the best out there, and showcases what can be done with ChromeOS. It’s ... Read more »

Why open source makes enterprises more secure and innovative

Open source software is everywhere. It is pervasive, in every sector, with 99% of software projects containing an open source component. And the reason is that open source is an ... Read more »

AWS re:Invent 2021 keynote live blog

Refresh 2021-11-29T17:22:56.100Z (Image credit: Future / Mike Moore) This is of course the first in-person AWS re:Invent since 2019, and thousands of attendees, customers and AWS employees have flocked to ... Read more »

Many workers were stuck with barely functional laptops during the pandemic

Poorly performing laptops and an often unresponsive IT department were some of the toughest challenges facing remote and hybrid workers during the pandemic, new research has found. Polling more than ... Read more »

Why I call bullshit on “the Apple Car's” rumored 2025 release

If you’re a fan of “allegedly,” “people close to the source,” and other rumor-inducing phrases — any coverage about the Apple iCar should be your cup of tea. This week, ... Read more »

Elizabeth Holmes testifies alleged sexual assault by former partner influenced her to mislead investors

The former CEO of Theranos, who is charged with falsely claiming to investors that her company had invented a revolutionary blood test, is on trial in the US. Read more »

Twitter suffers outage for web users in India

Twitter on Tuesday faced an outage mostly for its web users in India as they reported problems in gaining access to its website. The outage came as the micro-blogging platform ... Read more »

Twitter CEO Parag Agarwal trolled over this 11-year-old tweet

Parag Agrawal’s appointment as Twitter CEO, which makes him the youngest CEO on S&P 500, means Twitter will have a full-time CEO for the first time in years. Parag Agarwal, ... Read more »

Google to buy power from Orsted's offshore wind farm

Danish offshore wind developer Orsted on Tuesday said it has secured a 12-year power purchase agreement with Google, which aims to power all its data centres and offices using solely ... Read more »

Facebook-owner Meta told to sell Giphy as British regulator blocks acquisition

A panel found that Facebook would be able to increase its already significant market power in relation to other social media platforms. Read more »

Samsung set to compete against TSMC with new foundry in US

Lee Jae-yong, vice chairman of Samsung Electronics, speaks with reporters upon arriving at the Seoul Gimpo Business Aviation Center after completing his business trip to the United States, Wednesday. Korea ... Read more »

Hyundai Oilbank, Haldor Topsoe team up for eco-friendly fuels

Hyundai Oilbank and Haldor Topsoe, a Danish company specializing in carbon reduction technologies, signed a memorandum of understanding in early November to develop eco-friendly fuels. Courtesy of Hyundai Oilbank By ... Read more »

BMW iX lineup to upstage Tesla in luxury EV market

The BMW iX / Courtesy of BMW Korea BMW iX pre-orders exceed 2,000, beating out Tesla in luxury EV market By Kim Hyun-bin BMW Korea has launched its flagship EV, ... Read more »

Net regulator hints action against Netflix

Netflix Vice President of Public Policy Dean Garfield speaks at a press conference held at the JW Marriot Hotel Dongdaemun Square Seoul, Nov. 4. Yonhap By Kim Bo-eun Korea’s broadcasting ... Read more »

Philip Morris creates designated vaping areas

Philip Morris established a vaping room at Parc.1 in Seoul. Courtesy of Phillip Morris By Kim Hyun-bin Philip Morris Korea announced that it has created an outdoor smoking area for ... Read more »

Lenovo retains lead in global PC market after surprise withdrawal of Shanghai listing

Lenovo Group, the world’s largest personal computer maker, maintained its market leader position globally and at home in the third quarter despite a cancelled blockbuster IPO in Shanghai and a ... Read more »

Linux Foundation launches quantum computing alliance to drive interoperability

The Linux Foundation has announced a new joint effort to help facilitate interoperability within the quantum computing ecosystem. Dubbed Quantum Intermediate Representation (QIR), the alliance is part of the Linux ... Read more »

GOG.com goes back to its roots with ‘handpicked' library of DRM-free games

We’ve just heard that GOG.com is losing money and has decided to change tack as a result, going back to its roots. The digital store, which is owned by CD ... Read more »

Grab this Bose QuietComfort Cyber Monday deal while you still can

Cyber Monday is drawing to a close, but there are still some fantastic headphones deals to take advantage of – and this excellent Bose discount has caught our eye in ... Read more »

Susanna Reid wows viewers with jaw-dropping look – as co-stars make cheeky comments

Susanna Reid wowed viewers on Tuesday morning's episode of Good Morning Britain with her festive look – and even her co-stars had some comments to make! MORE: Susanna Reid recalls ... Read more »

These Are The Symptoms Of The Omicron Variant We Know So Far

Though the Omicron variant has dominated news stories this week around the world, little is known about its implications on the individual so far in the UK. But a doctor, ... Read more »

Labour Set To Back Call To Dock Boris Johnson's Pay By More Than £40,000

Ian Blackford claimed Boris Johnson was ‘not fit for office’. (Photo: House of Commons – PA Images via Getty Images) Labour will support an SNP no confidence motion in Boris ... Read more »

Late Cyber Monday deal knocks $250 off a HP Chromebook at Best Buy

HP has a great selection of Chromebooks, especially if you’re planning on using one for college work, and this one is no different at Best Buy, as part of this ... Read more »

Best Usenet providers of 2021

The best Usenet providers help you better connect with the sites and groups and files that you need. Usenet newsgroups have been around since the dawn of the internet as ... Read more »

A ‘Bitcoin City' in El Salvador inspired by ancient Greeks? Here's a reality check.

From the risk that cryptocurrency lead to "a paradise for money laundering," experts say, to the difficulties of building a city from scratch. Read more »

Chinese spies are targeting the UK, warns MI6 chief

Chinese intelligence is mounting “large-scale” espionage operations against the UK and its allies as it attempts to steal technology and distort political decision-making, the chief of MI6 has warned. In ... Read more »

EasySplitter Pro Vocal Remover makes it simple to hack any track

TLDR: EasySplitter Pro Vocal Remover makes it simple to isolate song elements to create your own music, karaoke tracks, or just listen to acapella versions on your favorite songs. Maybe ... Read more »

This solar generator set can power your home for up to a week. And it's an extra 20% off right now

TLDR: Get prepared for anytime the power goes out with the Generark backup battery and solar power tandem, now at a special Cyber Monday price. It’s a crazy world out ... Read more »

Hundreds of thousands of Android users infected by banking malware hosted on Play Store

In another instance of threat actors sneaking malware-ridden apps past Google’s threat detection filters, cybersecurity researchers have revealed that over 300,000 users have downloaded malicious Android apps containing banking trojans. ... Read more »
On free-english-test.com you will find lots of free English exam practice materials to help you improve your English skills: grammar, listening, reading, writing, ielts, toeic