Discord Still a Hotbed of Malware Activity — Now APTs Join the Fun
A new report by Trellix reveals that Discord, a popular communication platform, is being increasingly used by hackers, including advanced persistent threat (APT) groups, to target critical infrastructure. Hackers are abusing Discord in various ways, such as using its content delivery network (CDN) to distribute malware, modifying the Discord client to steal passwords, and exploiting Discord webhooks to steal data. At least 10,000 malware samples have been found to use Discord's CDN to load second-stage payloads on systems. Additionally, 17 malware families have been observed using Discord webhooks since August 2021 to collect and upload stolen data. APT groups are now joining in the abuse of Discord, making tracking and attribution difficult. The report highlights a case where an APT group targeted critical infrastructure in Ukraine using Discord webhooks for data exfiltration. Despite efforts to deter cybercriminals, Discord has been unable to effectively address the problem due to its scale and the legitimate use of its features by most users.
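The two abuse patterns the summary names, Discord's CDN serving second-stage payloads and Discord webhooks receiving exfiltrated data, both leave a recognisable trace in egress proxy or EDR network logs: a process that is not the Discord client or a browser fetching from cdn.discordapp.com, or POSTing to a discord.com/api/webhooks URL. The following detection helper is an added example written for this page, not code from the Trellix report or from Discord; the log format, hostnames, process names, URLs and webhook ID/token values are constructed for illustration, and the allowlist of expected clients is an assumption an analyst would tune for their own environment.

```python
"""Flag Discord CDN downloads and webhook POSTs in key=value proxy logs.

Added example; the log format, hosts, processes, URLs and webhook values below
are constructed, not taken from any real incident.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse

# Discord host used for attachment delivery (abused for second-stage payloads).
CDN_HOSTS = {"cdn.discordapp.com"}

# Discord webhook endpoint shape: /api/webhooks/<id>/<token> on either domain.
WEBHOOK_RE = re.compile(
    r"^https?://(?:discord\.com|discordapp\.com)/api/webhooks/\d+/[A-Za-z0-9_-]+"
)

# Processes expected to talk to Discord; anything else is treated as suspicious.
# Assumption for this example: tune to the environment's real software inventory.
EXPECTED_CLIENTS = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed proxy log lines: timestamp, host, originating process, method, URL.
SAMPLE_LOG = [
    'ts=2023-10-18T09:01:02Z host=ws01 proc=Discord.exe method=GET url=https://cdn.discordapp.com/attachments/1111/2222/cat.png bytes_out=512',
    'ts=2023-10-18T09:02:10Z host=ws01 proc=chrome.exe method=GET url=https://example.com/index.html bytes_out=300',
    'ts=2023-10-18T09:03:44Z host=ws07 proc=powershell.exe method=GET url=https://cdn.discordapp.com/attachments/3333/4444/update.exe bytes_out=640',
    'ts=2023-10-18T09:04:05Z host=ws07 proc=rundll32.exe method=POST url=https://discord.com/api/webhooks/1234567890/PLACEHOLDER_TOKEN bytes_out=51200',
    'ts=2023-10-18T09:05:30Z host=srv02 proc=curl.exe method=POST url=https://discordapp.com/api/webhooks/9876543210/PLACEHOLDER_TOKEN_2 bytes_out=204800',
]


@dataclass
class Finding:
    ts: str
    host: str
    proc: str
    url: str
    pattern: str   # "cdn_download" or "webhook_post"
    severity: str  # "info" for expected Discord clients, "high" otherwise


KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Turn one key=value log line into a dict (quoted values unquoted)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def classify(rec: dict) -> Optional[str]:
    """Return the Discord abuse pattern a record matches, or None."""
    url = rec.get("url", "")
    method = rec.get("method", "").upper()
    host = (urlparse(url).hostname or "").lower()
    if host in CDN_HOSTS and method == "GET":
        return "cdn_download"
    if method == "POST" and WEBHOOK_RE.match(url):
        return "webhook_post"
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Scan log lines; severity is raised when an unexpected process is involved."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        pattern = classify(rec)
        if pattern is None:
            continue
        proc = rec.get("proc", "").lower()
        severity = "info" if proc in EXPECTED_CLIENTS else "high"
        findings.append(Finding(rec.get("ts", ""), rec.get("host", ""), proc,
                                rec.get("url", ""), pattern, severity))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.ts} {f.host} {f.proc} {f.pattern} {f.url}")
```

The "info" findings keep a record of legitimate Discord traffic so an analyst can see baseline volume, while the "high" findings (a script host pulling an executable from the CDN, an unexpected binary POSTing to a webhook) are the ones worth alerting on; the bytes_out field is carried through in the log so a follow-up rule can also threshold on outbound size for webhook POSTs.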