Skip to main content

Beware links to Discord's website — it could be malware [updated]

The Discord Google Play listing displayed on a phone screen.
(Image credit: Sharaf Maksumov/Shutterstock)

Updated with comment from Discord.

Malicious hackers and online criminals are using Discord's file-storage network to warehouse and distribute malware linked from or attached to spam emails, security firm Zscaler says in a new report. 

There's no evidence that Discord itself, one of the most popular chat services among online gamers, condones this misuse of its network.

Among the types of malware currently attacking gamers from Discord's servers, says Zscaler, are the Epsilon ransomware, the Redline information-stealer, the XMRig cryptocurrency miner and various "token grabbers" that steal temporary Discord login information. 

Windows users infected by this malware could have files stolen, Discord accounts hijacked, or PCs locked.

This malware is often not being spread through Discord itself nor does it infect the Discord desktop app, said Zscaler. 

Instead, it's being spread as attachments and links in emails sent to gamers promising cheat codes, game modifications, pirated games and gaming-related files and images.

The emails link back to Discord's content-delivery network (CDN) housed at cdn.discordapp.com. The CDN is where Discord stores files, including executable applications, that users have uploaded to the chat service.

A diagram illustrating how Discord's content-delivery network is allegedly being used by third parties to spread malware.

A diagram illustrating how Discord's content-delivery network is allegedly being used by third parties to spread malware. (Image credit: Zscaler)

"The attack usually starts with spam emails in which users are tricked with legitimate-looking templates into downloading next-stage payloads," the Zscaler report says. "This campaign uses Discord services to form a URL to host malicious payloads as follows: https://cdn.discordapp.com/attachments/ChannelID/AttachmentID/filename.exe."

Because users are accustomed to sending and receiving files through Discord, they often won't think twice about trusting and downloading files housed in Discord's CDN — even though anyone can upload anything to the service.

"An attacker can upload a malicious file on a Discord channel and share its public link with others — even non-Discord users can download it," Zscaler explained. "Worse, a file sent from Discord is there forever, so even if an attacker deletes a file within Discord, its link can still be used to download the malicious file."

How to protect yourself

To avoid having your PC infected with malware that arrives from Discord's CDN, make sure you have some of the best antivirus software installed. Before you open a downloaded file, right-click the file in File Explorer and scan the unopened file with your antivirus software.

Be wary of attachments and links in emails that point back to Discord's website. And keep in mind that cheats, mods and pirated games will often be corrupted with malware.

Tom's Guide has reached out to Discord for comment, and we will update this story upon reply. 

Update: Discord replies

In response to our inquiry, a Discord spokeperson provided us with this statement:

"Discord relies on a mix of proactive scanning and reactive reports to detect malware and viruses on our service. Once we become aware of these cases, we remove the content immediately. In regards to this specific case, we investigated the situation and removed the affected content."