PC Gamer is supported by its audience. When you buy through links on our site, we may earn an affiliate commission. Learn more
Malware ‘can persist indefinitely unless reported’ in the chat software’s cloud files.
A few weeks back, leading cybersecurity company Sophos issued a warning that Discord is becoming an increasingly common target for hackers. The vicious few pushing out malware tend to target users of successful online services, and considering Discord’s 140 million plus active users—with over 300 million registered to date—that makes the chat software a pretty juicy target.
Sophos notes the number of malware detections over the past couple of months has grown by almost 140 times what it was for the same period last year. And part of that problem comes down to how Discord files are stored in the cloud.
“Once files are uploaded to Discord, they can persist indefinitely unless reported or deleted,” the report says.
In its research into the types of malware that litter the Discord cloud storage, Sophos found a bunch of game cheating tools. Some were meant to exploit Discord integration protocols in order to crash an opponent’s game, and some were advertised as ‘enhancements’ meant to unlock paid content, keys and bypasses. The catch is that only a few were found to contain the intended cheating software, most were actually some form of credential theft masquerading as such.
But while we laugh at the idea of cheaters getting their comeuppance, there is darker work permeating our Discord haven.Best gaming motherboard: the best boards around
Best AMD motherboard: your new Ryzen’s new home
Among the cheat-bait, other nasties slink by undetected: password-hijacking malware families, spyware, fake android apps meant to nab financial info or intercept transactions. Even chat bot API exploiting malware that vies for control of channels, and some that extract stolen information only to post it into private servers.
The most common focus for Discord malware is the theft of user’s personal information, using stealer malware and remote access Trojans (RATs) to do their dirty work.
Sophos explains, “The threat actors behind these operations employed social engineering to spread credential-stealing malware, then use the victims’ harvested Discord credentials to target additional Discord users.”
So, while Discord does have a few tricks up its sleeve to combat malware, it cannot protect against human complacency.
Harmful files can go unreported for months, and pose a serious threat to other users. If you don’t want to be an accessory to the fact, don’t hesitate to pull up something that’s out of place to a moderator. And of course, no matter who sends it, think twice before clicking that link that just popped up on your favourite server.
Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. She can often be found admiring AI advancements, sighing over semiconductors, or gawping at the latest GPU upgrades. She’s been obsessed with computers and graphics since she was small, and took Game Art and Design up to Masters level at uni. Her thirst for absurd Raspberry Pi projects will never be sated, and she will stop at nothing to spread internet safety awareness—down with the hackers.
Sign up to get the best content of the week, and great gaming deals, as picked by the editors.
Thank you for signing up to PC Gamer. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.
PC Gamer is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.
Subscribe to Bellscord
By subscribing you agree to receive news and updates from Bellscord.