banner



Beware links to Discord's website — it could be malware [updated]

Beware links to Discord's website — it could be malware [updated]

The Discord Google Play listing displayed on a phone screen.
(Image credit: Sharaf Maksumov/Shutterstock)

Updated with comment from Discord.

Malicious hackers and online criminals are using Discord's file-storage network to warehouse and distribute malware linked from or fastened to spam emails, security business firm Zscaler says in a new report.

There'due south no prove that Discord itself, i of the nigh popular chat services among online gamers, condones this misuse of its network.

  • Everything you need to know about using Discord
  • The all-time antivirus software for Windows 10
  • Plus: Can't find an Nvidia RTX 3080? These GeForce cards are coming back

Among the types of malware currently attacking gamers from Discord's servers, says Zscaler, are the Epsilon ransomware, the Redline data-stealer, the XMRig cryptocurrency miner and diverse "token grabbers" that steal temporary Discord login information.

Windows users infected by this malware could have files stolen, Discord accounts hijacked, or PCs locked.

This malware is often not beingness spread through Discord itself nor does it infect the Discord desktop app, said Zscaler.

Instead, information technology's being spread as attachments and links in emails sent to gamers promising cheat codes, game modifications, pirated games and gaming-related files and images.

The emails link dorsum to Discord's content-delivery network (CDN) housed at cdn.discordapp.com. The CDN is where Discord stores files, including executable applications, that users have uploaded to the chat service.

A diagram illustrating how Discord's content-delivery network is allegedly being used by third parties to spread malware.

A diagram illustrating how Discord'south content-delivery network is allegedly being used past third parties to spread malware. (Image credit: Zscaler)

"The attack ordinarily starts with spam emails in which users are tricked with legitimate-looking templates into downloading next-stage payloads," the Zscaler report says. "This campaign uses Discord services to form a URL to host malicious payloads as follows: https://cdn.discordapp.com/attachments/ChannelID/AttachmentID/filename.exe."

Because users are accepted to sending and receiving files through Discord, they often won't think twice about trusting and downloading files housed in Discord'south CDN — even though anyone can upload anything to the service.

"An aggressor tin upload a malicious file on a Discord channel and share its public link with others — even non-Discord users tin can download it," Zscaler explained. "Worse, a file sent from Discord is there forever, then fifty-fifty if an assaulter deletes a file within Discord, its link tin can still exist used to download the malicious file."

How to protect yourself

To avert having your PC infected with malware that arrives from Discord'south CDN, make certain you lot take some of the all-time antivirus software installed. Before you open a downloaded file, right-click the file in File Explorer and scan the unopened file with your antivirus software.

Be wary of attachments and links in emails that point dorsum to Discord's website. And keep in mind that cheats, mods and pirated games volition often be corrupted with malware.

Tom'due south Guide has reached out to Discord for comment, and we will update this story upon reply.

In response to our enquiry, a Discord spokeperson provided us with this statement:

"Discord relies on a mix of proactive scanning and reactive reports to discover malware and viruses on our service. Once we become enlightened of these cases, we remove the content immediately. In regards to this specific example, we investigated the state of affairs and removed the affected content."

  • More: Some people go more phishing emails than others — here's why

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, lawmaking monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwards in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You lot can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/discord-server-malware

Posted by: sturgesbeires95.blogspot.com

0 Response to "Beware links to Discord's website — it could be malware [updated]"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel