Leading cybersecurity company, Sophos, has warned that Discord is becoming a common target for hackers, potentially putting at risk Discord’s 140 million-plus active users.
- READ MORE: ‘Hell Let Loose”s lead developer on how hardcore games can do more to welcome new players.
Originally spotted by PCGamer, Sophos has noticed that the number of malware detections via Discord has grown by almost 140 times over the last couple of months in comparison to the same period in 2020. The report explains that’s partly down to how Discord files are stored in the cloud. “Once files are uploaded to Discord, they can persist indefinitely unless reported or deleted,” explained the report, leaving it open to abuse.
In its investigation, Sophos found that much of the malware relates to game cheating tools, tapping into many players’ less scrupulous urges to get ahead. Some are meant to exploit Discord integration protocols in a bid to crash an opponent’s game while others were touted as ‘enhancements’ meant to unlock paid content for free or bypass other blocks.
However, while the concept may sound appealing to some users, only a few were found to actually contain the intended software. The vast majority were some form of credential theft.
The most common focus for Discord malware is the theft of personal information using stealer malware and remote access Trojans (also known as RATs). Sophos went into detail to explain how these work: “The threat actors behind these operations employed social engineering to spread credential-stealing malware, then use the victims’ harvested Discord credentials to target additional Discord users.”
There’s even the risk of chatbot AI exploiting malware and extracting stolen information before posting it into private servers.
Sophos continued to explain that ransomware is also an issue through the files hosted on Discord’s cloud with much of it predominantly the older variety of ransomware meaning there is no way of paying the ransom.
Notably, Discord responded to Sophos’ reports and has taken down most of the malicious files reported but the platform remains a “dumping ground for malware” according to Sophos. Regular users should be careful of any files they download from the service.
In other Discord news, the company is stepping up its anti-harassment efforts with a new AI acquisition.