Malware Abuses Core Features of Discord

Researchers warn that Discord's bot framework can be easily weaponized.

Dark Reading Staff, Dark Reading

October 21, 2021

The popular Discord online platform is becoming a tempting target for bad actors: Researchers found malware employing the core features of Discord to allow an attacker to take screenshots, run keyloggers, and download and execute files.

The underlying issue, according to Check Point Research, is that Discord's API is wide open and doesn't require confirmation or vetting. That makes it ripe for abuse in malware development, botnet creation, C2 communication, and hosting malicious files. The platform has some 150 million active users, who use it for chat, voice, and video calls.

Bottom line: The only solution is to disable all Discord bots, the researchers say. 

"Preventing Discord malware can’t be done without harming the Discord community. As a result, it’s up to the users' actions to keep their devices safe," they wrote in a report. "As of now, any type of file, malicious or not, whose size is less than 8MB can be uploaded and sent via Discord. Because the file content isn’t analyzed, malware can be easily spread via Discord. As Discord's cache is monitored by modern AVs, which alert a user in case a received file is considered malicious, the files remain available for download. Until relevant mechanisms are implemented, users must apply safety measures and only download trusted files."

Read the full report here
