It is important to note that CPR’s experiment was for educational purposes only, and no harm was done to any user or platform. We decided to explore the idea of using Discord bots for malicious purposes, in particular, implementing a Discord bot with malicious functionalities to provide an attacker with remote code execution capabilities. File hosting can be used for Dropzone (Server in the Internet that serves additional files).
No need to install anything but the malware on the victim machine.
The exe file remains undetected by the AV engine. As Discord’s popularity has increased, so has the use of these bots.Ĭurrently, most Discord bots can be installed through centralized services, such as “top.gg” which offers a wide variety of free-to-use bots.įigure 7: Process explorer shows the malicious code executed under Discord process. This malware has the capability to take screenshots, download and execute additional files, and perform keylogging – all by using the core features of Discord.ĬPR decided to explore the potential abuse of Discord by threat actors, and more importantly, determine how to prevent these attacks.ĭiscord lets users integrate code for enhanced features that allows for easier community management. The most prominent sign, is a multi-functional malware available to anyone on Github. According to influencer marketing hub there are currently over 150 million monthly active users.Ĭheck Point Research (CPR) has spotted early signs of malicious actors interested in this emerging technology. In 2021, Discord, a popular cross-platform application, hosted more than 19 million active servers related to different genres and topics (gaming, arts, marketing, finance, sports, etc.). These platforms allow users to do everything from creating meetings to configuring subject-oriented channels and topic-related communities. The past year has seen a major upturn in the use of VoIP, instant messaging and digital distribution platforms. Users must be aware that Discord’s bot framework can be easily used for malicious intent.There are currently over 150 million monthly active users on Discord.Check Point Research (CPR) spotted a multi-functional malware with the capability to take screenshots, download and execute additional files, and perform keylogging – all by using the core features of Discord.Research by: Idan Shechter & Omer Ventura
0 kommentar(er)
