Sophos research: Hackers targeting Discord platform

Cybercriminals are increasingly using the popular chat platform Discord to distribute and control malware targeting users of the service, new research by next-generation cybersecurity company Sophos has found.  

According to researchers from the company, malware is increasingly targeting the Discord chat platform, and the misuse of Discord has grown substantially over the last year. The cyberthreats uncovered by the researchers include information-stealing malware, spyware, backdoors, and ransomware resurrected as “mischiefware”. 

The findings are based on an analysis by Sophos researchers of more than 1,800 malicious files detected on Discord’s content delivery network (CDN). Among other things, the research reveals that the number of URLs hosting malware on the network during the second quarter of 2021 increased by 140% compared to the same period in 2020.

Sean Gallagher, senior threat researcher at Sophos, said: “Discord provides a persistent, highly-available, global distribution network for malware operators, as well as a messaging system that these operators can adapt into command-and-control channels for their malware – in much the same way attackers have used Internet Relay Chat and Telegram. Discord’s vast user base also provides an ideal environment for stealing personal information and credentials through social engineering.”

“We found one malware that can steal private images from the camera on an infected device, as well as ransomware from 2006 that the attackers have resurrected to use as ‘mischiefware’. The mischiefware denies victims access to their data, but there’s no ransom demand and no decryption key,” said Gallagher.

“Further, adversaries have caught on that companies increasingly use the Discord platform for internal or community chat in the same way they might use a channel like Slack. This provides attackers with a new and potentially lucrative target audience, especially when security teams can’t always inspect the Transport Layer Security-encrypted traffic to and from Discord to see what’s going on and raise the alarm if needed.”

The investigation into malicious content linked to Discord found the following:

1. The malware is often…