Friday, March 1, 2024

Discord will switch to temporary file links to block malware delivery


Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware.

“Discord is evolving its approach to attachment CDN URLs in order to create a safer and more secure experience for users. In particular, this will help our safety team restrict access to flagged content, and generally reduce the amount of malware distributed using our CDN,” Discord told BleepingComputer.

“There is no impact for Discord users that share content within the Discord client. Any links within the client will be auto refreshed. If users are using Discord to host files, we’d recommend they find a more suitable service.

“Discord developers may see minimal impact and we’re working closely with the community on the transition. These changes will roll out later this year and we’ll share more information with developers in the coming weeks.”

After the file hosting change (described by Discord as authentication enforcement) rolls out later this year, all links to files uploaded to Discord servers will expire after 24 hours.

CDN URLs will come with three new parameters that add expiration timestamps and unique signatures that remain valid until the links expire, preventing the use of Discord’s CDN for permanent file hosting.

While these parameters are already being added to Discord links, they still need to be enforced, and links shared outside Discord servers will only expire once the company rolls out its authentication enforcement changes.

“To improve security of Discord’s CDN, attachment CDN URLs have 3 new URL parameters: ex, is, and hm. Once authentication enforcement begins later this year, links with a given signature (hm) will remain valid until the expiration timestamp (ex),” the Discord development team explained in a post shared on the Discord Developers server.

“To access the attachment CDN link after the link expires, your app will need to fetch a new CDN URL. The API will automatically return valid, non-expired URLs when you access resources that contain an attachment CDN URL, like when retrieving a message.”
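
As an added illustration (not code from Discord or from the original article), the following Python example reads the three parameters from an attachment link and decides whether an app should fetch a fresh URL before using it. It assumes `ex` and `is` are hexadecimal Unix timestamps, as Discord's developer documentation describes, and that attachment links live under `/attachments/` on `cdn.discordapp.com` or `media.discordapp.net`; the names `SignedLink`, `parse_attachment_url` and `needs_refresh` are hypothetical, and the sample URL is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts and path prefix used for Discord attachment links.
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}


@dataclass
class SignedLink:
    issued: datetime   # "is" parameter
    expires: datetime  # "ex" parameter
    signature: str     # "hm" parameter, opaque: only Discord can verify it


def _hex_ts(value: str) -> datetime:
    # Assumption: ex/is carry Unix seconds written in hexadecimal.
    return datetime.fromtimestamp(int(value, 16), tz=timezone.utc)


def parse_attachment_url(url: str) -> Optional[SignedLink]:
    """Return the signing parameters, or None when the URL is not a
    well-formed, fully signed attachment link."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in CDN_HOSTS:
        return None
    if not parts.path.startswith("/attachments/"):
        return None
    query = parse_qs(parts.query)
    try:
        link = SignedLink(_hex_ts(query["is"][0]), _hex_ts(query["ex"][0]),
                          query["hm"][0])
    except (KeyError, ValueError, OverflowError, OSError):
        return None
    return link if link.issued <= link.expires else None


def needs_refresh(url: str, now: datetime,
                  margin: timedelta = timedelta(minutes=5)) -> bool:
    """True when the app should re-fetch the parent resource for a new URL:
    the link is unsigned, malformed, or expires within `margin`."""
    link = parse_attachment_url(url)
    return link is None or now + margin >= link.expires


# Constructed sample: issued 2024-03-01 00:00 UTC, expires 24 hours later.
SAMPLE = ("https://cdn.discordapp.com/attachments/111/222/report.pdf"
          "?ex=65e26c00&is=65e11a80&hm=" + "ab" * 32)
```

A client cannot validate `hm` itself, so the local check only covers structure and expiry; whether the link is actually accepted is decided by the CDN.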

A big leap forward in the fight against malware

This is a much-anticipated move given the ongoing challenges Discord faces in curbing cybercrime activities on its platform, seeing that its servers have long served as breeding grounds for malicious activities associated with financially motivated and state-backed hacking groups.

Discord’s permanent file hosting capabilities have frequently been misused to distribute malware and exfiltrate data gathered from compromised systems using webhooks.

Despite the escalating scale of this issue in recent years, Discord has so far struggled to implement effective measures to deter cybercriminals’ abuse of its platform and decisively address the problem or, at the very least, limit its impact.

According to a recent report by cybersecurity company Trellix, Discord CDN URLs have been exploited by at least 10,000 malware operations to drop second-stage malicious payloads on infected systems.

These payloads primarily consist of malware loaders and scripts that install malware, such as RedLine stealer, Vidar, AgentTesla, zgRAT, and Raccoon stealer.

According to Trellix’s data, various malware families, including Agent Tesla, UmbralStealer, Stealerium, and zgRAT, have also used Discord webhooks over the past few years to steal sensitive information like credentials, browser cookies, and cryptocurrency wallets from compromised devices.
