Discord is the first choice for gamers who want to chat with friends while playing an online computer game. It is also a major choice for users who simply want to communicate with their friends and family. Together, these uses make Discord one of the most used collaborative applications worldwide, gathering millions of people.
This popularity has made Discord a common application on almost any computer, including those used exclusively for work. As a result, Discord traffic is frequent in corporate networks, something that malicious actors have noticed.
The Trellix Advanced Research Center has previously analyzed malware that abuses Discord infrastructure. However, most of those samples are information stealers and Remote Access Trojans (RATs) that can be obtained from the Internet, which is quite different from a sample targeting Ukrainian critical infrastructure that we were able to retrieve recently. This is the first time a sample associated with APT activity has been found abusing Discord.
To understand the threat landscape, Trellix collaborated with Threatray to get a general picture. As a result, we identified several families that leverage Discord’s capabilities to conduct their operations and uncovered when they started abusing them, which gives an idea of how prevalent this kind of malware is today.
Full article: https://www.trellix.com/about/newsroom/stories/research/discord-i-want-to-play-a-game/