Beware links to Discord's website — it could be malware [updated]
Beware links to Discord's website — it could be malware [updated]
Updated with comment from Discord.
Malicious hackers and online criminals are using Discord's file-storage network to warehouse and distribute malware linked from or fastened to spam emails, security business firm Zscaler says in a new report.
There'due south no prove that Discord itself, i of the nigh popular chat services among online gamers, condones this misuse of its network.
- Everything you need to know about using Discord
- The all-time antivirus software for Windows 10
- Plus: Can't find an Nvidia RTX 3080? These GeForce cards are coming back
Among the types of malware currently attacking gamers from Discord's servers, says Zscaler, are the Epsilon ransomware, the Redline data-stealer, the XMRig cryptocurrency miner and diverse "token grabbers" that steal temporary Discord login information.
Windows users infected by this malware could have files stolen, Discord accounts hijacked, or PCs locked.
This malware is often not beingness spread through Discord itself nor does it infect the Discord desktop app, said Zscaler.
Instead, information technology's being spread as attachments and links in emails sent to gamers promising cheat codes, game modifications, pirated games and gaming-related files and images.
The emails link dorsum to Discord's content-delivery network (CDN) housed at cdn.discordapp.com. The CDN is where Discord stores files, including executable applications, that users have uploaded to the chat service.
"The attack ordinarily starts with spam emails in which users are tricked with legitimate-looking templates into downloading next-stage payloads," the Zscaler report says. "This campaign uses Discord services to form a URL to host malicious payloads as follows: https://cdn.discordapp.com/attachments/ChannelID/AttachmentID/filename.exe."
Because users are accepted to sending and receiving files through Discord, they often won't think twice about trusting and downloading files housed in Discord'south CDN — even though anyone can upload anything to the service.
"An aggressor tin upload a malicious file on a Discord channel and share its public link with others — even non-Discord users tin can download it," Zscaler explained. "Worse, a file sent from Discord is there forever, then fifty-fifty if an assaulter deletes a file within Discord, its link tin can still exist used to download the malicious file."
How to protect yourself
To avert having your PC infected with malware that arrives from Discord'south CDN, make certain you lot take some of the all-time antivirus software installed. Before you open a downloaded file, right-click the file in File Explorer and scan the unopened file with your antivirus software.
Be wary of attachments and links in emails that point dorsum to Discord's website. And keep in mind that cheats, mods and pirated games volition often be corrupted with malware.
Tom'due south Guide has reached out to Discord for comment, and we will update this story upon reply.
In response to our enquiry, a Discord spokeperson provided us with this statement:
"Discord relies on a mix of proactive scanning and reactive reports to discover malware and viruses on our service. Once we become enlightened of these cases, we remove the content immediately. In regards to this specific example, we investigated the state of affairs and removed the affected content."
- More: Some people go more phishing emails than others — here's why
Source: https://www.tomsguide.com/news/discord-server-malware
Posted by: sturgesbeires95.blogspot.com
0 Response to "Beware links to Discord's website — it could be malware [updated]"
Post a Comment