Breaking News: The Alarming Discord Features That Could Hijack Your Account

Discord, with its growing popularity and more than 140 million monthly active users, has become a widely used online chat service. Initially targeting gaming communities, Discord’s multiple features and user-friendly interface have attracted a broader audience, including developers who utilize it for app development, allowing them to save time and focus on more advanced tasks.

However, this ease of use has also made Discord an attractive platform for cyber attackers who exploit its features to develop malware, making it challenging to detect and mitigate against these threats. In this article, we will explore the Discord features that make users vulnerable to cyberattacks and discuss common attack methods employed on the platform.

Discord Nitro and the Rise of Malware

The origins of malware on the Discord platform can be traced back to the release of Discord Nitro. Discord Nitro offered premium features such as the ability to send larger files, longer messages, and access higher quality video streaming. The desirability of these features led some users to resort to nefarious methods to obtain Discord Nitro without paying, including brute-forcing gift keys and social engineering.

Unfortunately, some users took these methods further by operating malware to target others on the platform, steal credit card information, and remotely purchase Discord Nitro gift keys. Malicious actors resell these gift keys for profit, while victims remain unaware of the unauthorized transactions taking place.

Exploitable Features

Malware operators employ various strategies to make it difficult for users to detect threats on Discord. One common strategy involves using a Content Delivery Network (CDN) to host payloads that their tools can download and run. By hosting payloads on popular services protected by HTTPS, it becomes challenging to differentiate between malicious and benign files.

Another tool used by malware operators is Command and Control (C&C) communication over Discord’s API. Discord’s API allows straightforward communication between users on the platform and the program. Implementing C&C communication over the API is a simple task, as it connects with a single endpoint accessible through legitimate services. This type of communication is difficult to monitor and mitigate against.

Introduced in 2020, webhooks are another Discord feature that is now exploited for malicious purposes. Webhooks allow server owners to create a webhook for any channel they own and send messages to it through a simple HTTPS request. While originally designed for legitimate operations like notifying new git pull requests, attackers have misused webhooks to exfiltrate stolen data from their targets.

User Data at Risk

Injecting a payload into Discord’s source code has gained popularity as a method to exploit user data. Discord’s app source code is hosted locally in plaintext and is not checked for tampering before execution, making it possible to inject malicious code. This method allows malware operators to execute actions such as exfiltrating private conversations, creating fake messages, and even buying Discord Nitro gift keys in the victim’s name.

While injecting code into Discord may seem appealing for stealing money without leaving an easy trace, it has several drawbacks. New updates may remove the option to inject code, and this method requires an initial “injector” to insert the payload into the app’s source code.

Using GitHub to Develop Malware

GitHub has become a platform for developing malware specifically targeting Discord, often referred to as “Discord Stealer.” Operators can easily clone repositories from GitHub, compile them, and have a functioning malware sample within minutes to infect victims. Our research indicates that 44.5% of these repositories are written in Python, while 20.5%

.