The use of voice and text chat platform Discord is often seen as the new normal in coordination among communities and video game enthusiast groups.
Its popularity, however, has also meant Discord served as a "dumping ground for malware," according to a report released by cybersecurity firm Sophos last Thursday, July 22.
Sophos analyzed 9,000 malware samples during the course of its work, with the malware running the gamut of types, from game hacking software to more malicious programs meant to take down servers or affect Discord users themselves. These include remote access tools, Android-specific malware, and ransomware.
From the samples analyzed, information-stealing malware was the most prevalent threat.
In a statement, Sophos senior threat researcher Sean Gallagher said, "Discord provides a persistent, highly-available, global distribution network for malware operators, as well as a messaging system that these operators can adapt into command-and-control channels for their malware – in much the same way attackers have used Internet Relay Chat and Telegram."
Gallagher added Discord's user base can also serve as an environment by which malicious actors can steal personal information or account credentials using social engineering techniques.
While Discord has taken Sophos' report seriously and removed most of the malicious files analyzed by Sophos, it also needs to work on its security.
The Sophos report added that, "even for malware not hosted on Discord, the Discord API (Application Programming Interface) is fertile ground for malicious command and control network capability that conceals itself" using Discord's transport layer security system.
Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.