Discord malware is a persistent and growing threat warns Sophos

Malware 'can persist indefinitely unless reported' in the chat software's cloud files.

(Image credit: TheDigitalArtist - Pixabay & Discord)

A few weeks back, leading cybersecurity company Sophos issued a warning that Discord is becoming an increasingly common target for hackers. The vicious few pushing out malware tend to target users of successful online services, and considering Discord's 140 million plus active users—with over 300 million registered to date—that makes the chat software a pretty juicy target.

Sophos notes the number of malware detections over the past couple of months has grown by almost 140 times what it was for the same period last year. And part of that problem comes down to how Discord files are stored in the cloud. 

"Once files are uploaded to Discord, they can persist indefinitely unless reported or deleted," the report says.

In its research into the types of malware that litter the Discord cloud storage, Sophos found a bunch of game cheating tools. Some were meant to exploit Discord integration protocols in order to crash an opponent's game, and some were advertised as 'enhancements' meant to unlock paid content, keys and bypasses. The catch is that only a few were found to contain the intended cheating software, most were actually some form of credential theft masquerading as such.

But while we laugh at the idea of cheaters getting their comeuppance, there is darker work permeating our Discord haven.

Board walk
(Image credit: MSI)

Best gaming motherboard: the best boards around
Best AMD motherboard: your new Ryzen's new home

Among the cheat-bait, other nasties slink by undetected: password-hijacking malware families, spyware, fake android apps meant to nab financial info or intercept transactions. Even chat bot API exploiting malware that vies for control of channels, and some that extract stolen information only to post it into private servers.

The most common focus for Discord malware is the theft of user's personal information, using stealer malware and remote access Trojans (RATs) to do their dirty work.

Sophos explains, "The threat actors behind these operations employed social engineering to spread credential-stealing malware, then use the victims’ harvested Discord credentials to target additional Discord users." 

So, while Discord does have a few tricks up its sleeve to combat malware, it cannot protect against human complacency. 

Harmful files can go unreported for months, and pose a serious threat to other users. If you don't want to be an accessory to the fact, don't hesitate to pull up something that's out of place to a moderator. And of course, no matter who sends it, think twice before clicking that link that just popped up on your favourite server. 

Recent news