Well, it was about time the free, IRC/Teamspeak VOIP service has its holes punched. Discord has become an increasingly popular VOIP platform for gamers over the last couple of years and, with its popularity, hackers are now interested. Sources have warned that hackers are now abusing its servers to host and distribute remote access trojans. Ionut Arghire reports Symantec research on these RATs:
“According to Symantec, most of the malicious samples they discovered on the service include RATs such as NanoCore (Trojan.Nancrat), njRAT (Backdoor.Ratenjay), and SpyRat (W32.Spyrat), yet infostealers, Trojan Horse malware samples, and downloaders were also found being hosted on Discord. The security researchers believe that the malware might have been used in drive-by downloads or social-engineering campaigns.”
So what’s the motive? Experts are speculating that it’s simply to retrieve user credentials towards gaming. “The attackers behind the RATs and other malware may have distributed their threats on the service to steal sensitive information related to online gaming (credentials, items, in-game currency, and contacts) directly from the victim’s computer. This data can be valuable to attackers just as much as other personally identifiable information (PII), such as users’ bank account details, web service credentials, contact numbers, IP addresses, and biometric information. These could all be harvested by data thieves in the process,” Symantec notes.
Because Discord uses similar chat mechanics as IRC it’s easy for hackers to exploit/trick users into downloaded obscure files. Naturally common sense comes into play as Discord users should be careful giving out their information while roaming the streets of Discord servers. Discord has added additional virus scanning services to their software whenever an executable is uploaded as well as permission controls to encourage users to be safe while using the service. Naturally, however, common sense seems to be an easy pawn in the game of hacker vs user.