Beware links to Discord's website — it could be malware [updated]
Popular chat service's network allegedly being abused by criminals
Updated with comment from Discord.
Malicious hackers and online criminals are using Discord's file-storage network to warehouse and distribute malware linked from or attached to spam emails, security firm Zscaler says in a new report.
There's no evidence that Discord itself, one of the most popular chat services among online gamers, condones this misuse of its network.
- Everything you need to know about using Discord
- The best antivirus software for Windows 10
- Plus: Can't find an Nvidia RTX 3080? These GeForce cards are coming back
Among the types of malware currently attacking gamers from Discord's servers, says Zscaler, are the Epsilon ransomware, the Redline information-stealer, the XMRig cryptocurrency miner and various "token grabbers" that steal temporary Discord login information.
Windows users infected by this malware could have files stolen, Discord accounts hijacked, or PCs locked.
This malware is often not being spread through Discord itself nor does it infect the Discord desktop app, said Zscaler.
Instead, it's being spread as attachments and links in emails sent to gamers promising cheat codes, game modifications, pirated games and gaming-related files and images.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
The emails link back to Discord's content-delivery network (CDN) housed at cdn.discordapp.com. The CDN is where Discord stores files, including executable applications, that users have uploaded to the chat service.
"The attack usually starts with spam emails in which users are tricked with legitimate-looking templates into downloading next-stage payloads," the Zscaler report says. "This campaign uses Discord services to form a URL to host malicious payloads as follows: https://cdn.discordapp.com/attachments/ChannelID/AttachmentID/filename.exe."
Because users are accustomed to sending and receiving files through Discord, they often won't think twice about trusting and downloading files housed in Discord's CDN — even though anyone can upload anything to the service.
"An attacker can upload a malicious file on a Discord channel and share its public link with others — even non-Discord users can download it," Zscaler explained. "Worse, a file sent from Discord is there forever, so even if an attacker deletes a file within Discord, its link can still be used to download the malicious file."
How to protect yourself
To avoid having your PC infected with malware that arrives from Discord's CDN, make sure you have some of the best antivirus software installed. Before you open a downloaded file, right-click the file in File Explorer and scan the unopened file with your antivirus software.
Be wary of attachments and links in emails that point back to Discord's website. And keep in mind that cheats, mods and pirated games will often be corrupted with malware.
Tom's Guide has reached out to Discord for comment, and we will update this story upon reply.
Update: Discord replies
In response to our inquiry, a Discord spokeperson provided us with this statement:
"Discord relies on a mix of proactive scanning and reactive reports to detect malware and viruses on our service. Once we become aware of these cases, we remove the content immediately. In regards to this specific case, we investigated the situation and removed the affected content."
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.