Malware Spreads on Discord through Messages and Bots

Popular chat platform Discord continues to be targeted by hackers as malware spreads through both user-sent messages and third-party Discord bots.

Malicious bots and malware based on the Discord API on GitHub have recently been uncovered by Check Point Research. These bots have been found capable of key-logging, taking photos with user webcams, downloading files, and enabling the malware to launch whenever the device is booted.

In addition to bots, threat actors are also using Discord’s content delivery network (CDN) to store and deploy spyware, trojans, password stealers, and backdoors, according to a new study by RiskIQ.

“Many files sent across the Discord platform are malicious, pointing to a significant amount of abuse of its self-hosted CDN,” RiskIQ’s report stated, adding that hackers “[create] channels with the sole purpose of delivering these malicious files.”

Discord has yet to release a statement or any action steps on these security issues. In the meantime, users are advised to stay vigilant when it comes to suspicious links and bots — which may pose a challenge as Discord attracts users as young as 13 years old.

Discord Bots Targeted by Hackers

The malicious bots discovered by Check Point Research (CPR) pose a large threat to the messaging platform, as these programs are:

  • Readily available on the internet
  • Written in a cross-platform language, which lets them work on different operating systems (Windows, OSX, Linux)
  • Using encrypted communication
  • Capable of running without installation

CPR tested Discord’s security by creating their own bot with “malicious functionalities.”

“We discovered that the Discord Bot API, a simple Python implementation which eases modifications and shortens the development process, can easily turn the bot into a simple Remote Access Trojan (RAT),” CPR’s report said.

A RAT is a tool that can give hackers full remote access to and control over a victim’s system.

The bot’s communication process was handled by Discord, meaning it was protected by the platform’s TLSv1.3 encrypted communication.

“Aside from the fact that the communication is encrypted (which does not require any effort from the attacker), it is classified as Discord’s traffic,” CPR stated. “This means there is no way of distinguishing between malicious and legitimate traffic, which makes the malware much harder to detect.”

Discord Content Delivery Network Plagued by Malware

Meanwhile, RiskIQ studied Discord’s CDN and detected several URLs containing “.exe, DLL, and various document and compressed files.” The research group found four types of malware: Backdoor, Password Stealer (PWS), Spyware, and Trojan.

“Prior reporting and forum chatter has suggested that a file is always available on the Discord CDN link, even when that file was deleted from the channel,” RiskIQ stated in its report.

“[However, we] found that the files do not continue to persist on the CDN and do indeed get deleted, returning a 403 HTTP error code when one attempts to visit the link later on. Thus, the file is no longer being distributed once deleted from the channel,” it added.

RiskIQ said it has already submitted its findings to Discord.
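
For defenders, the file types RiskIQ describes can be hunted for in web proxy or mail gateway logs. The following is an added example, not code from RiskIQ or Discord: it flags Discord CDN attachment links by file extension and groups them by channel ID, since the report notes channels created solely to deliver such files. It assumes the log records full URLs (for example from a TLS-inspecting proxy), that attachment links follow the `/attachments/<channel_id>/<attachment_id>/<filename>` layout, and an extension list chosen for illustration; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

CDN_HOST = "cdn.discordapp.com"
# Executable, document and archive types (assumed list; tune to your environment).
RISKY_EXT = {".exe", ".dll", ".scr", ".msi", ".zip", ".rar", ".7z", ".iso",
             ".docm", ".xlsm"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def flag_discord_downloads(log_lines):
    """Return {channel_id: [(line_no, filename), ...]} for risky attachment URLs."""
    hits = defaultdict(list)
    for line_no, line in enumerate(log_lines, 1):
        for url in URL_RE.findall(line):
            parts = urlsplit(url)
            if (parts.hostname or "").lower() != CDN_HOST:
                continue
            # Assumed layout: /attachments/<channel_id>/<attachment_id>/<filename>
            segs = [s for s in parts.path.split("/") if s]
            if len(segs) != 4 or segs[0] != "attachments":
                continue
            channel_id, filename = segs[1], unquote(segs[3])
            # Use only the final extension so "invoice.pdf.exe" counts as .exe.
            dot = filename.rfind(".")
            ext = filename[dot:].lower() if dot != -1 else ""
            if ext in RISKY_EXT:
                hits[channel_id].append((line_no, filename))
    return dict(hits)

# Constructed sample proxy log lines (not real traffic).
BASE = "https://cdn.discordapp.com/attachments"
SAMPLE_LOG = [
    f"2021-11-02T10:01:12Z 10.0.0.5 GET {BASE}/111111111111111111/222222222222222222/setup.exe 200",
    f"2021-11-02T10:03:40Z 10.0.0.7 GET {BASE}/111111111111111111/333333333333333333/Invoice.PDF.EXE?x=1 200",
    f"2021-11-02T10:05:02Z 10.0.0.5 GET {BASE}/444444444444444444/555555555555555555/cat.png 200",
    "2021-11-02T10:06:55Z 10.0.0.9 GET https://example.com/attachments/1/2/tool.dll 200",
    f"2021-11-02T10:09:31Z 10.0.0.8 GET {BASE}/666666666666666666/777777777777777777/archive.zip 403",
]

if __name__ == "__main__":
    for channel, files in flag_discord_downloads(SAMPLE_LOG).items():
        print(channel, files)
```

A channel ID that appears repeatedly with executable or archive downloads is a reasonable starting point for review; a 403 on such a link is consistent with RiskIQ's observation that deleted files stop being served.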

Staying Safe on Discord

Discord is a chat platform that allows for unlimited messaging, voice calling, and video conferencing. Initially marketed as a space for gamers, Discord has since welcomed organizations and companies on its platform. Earlier this year, it also began rolling out features targeting university students.

The platform allows users as young as 13 years old, although younger users are widely known to be on Discord as well. Games popular among younger kids, like Minecraft and Roblox, have large communities on Discord. For information on keeping children safe on Discord, check out our resource guide here.

As of writing, Discord has yet to address these persistent security issues.

In the meantime, we recommend being extra careful about clicking links or downloading files on Discord. The security of Discord bots is difficult to verify, but users can usually join a bot’s community server to test out its features before inviting said bot to their personal servers. Installing an antivirus can also help protect your device from malicious software.


News & Tech Editor
Nica is a news and tech editor at VPNOverview. She has an educational background in journalism and has worked in content marketing across several industries, including finance and cybersecurity.