Discord will change to short-term file hyperlinks for all customers by the tip of the 12 months to dam attackers from utilizing its CDN (content material supply community) for internet hosting and pushing malware.
“Discord is evolving its strategy to attachment CDN URLs in an effort to create a safer and safer expertise for customers. Specifically, it will assist our security crew limit entry to flagged content material, and usually cut back the quantity of malware distributed utilizing our CDN,” Discord instructed BleepingComputer.
“There isn’t any affect for Discord customers that share content material throughout the Discord shopper. Any hyperlinks throughout the shopper might be auto refreshed. If customers are utilizing Discord to host recordsdata, we might suggest they discover a extra appropriate service.
“Discord builders may even see minimal affect and we’re working intently with the group on the transition. These modifications will roll out later this 12 months and we’ll share extra data with builders within the coming weeks.”
After the file internet hosting change (described by Discord as authentication enforcement) rolls out later this 12 months, all hyperlinks to recordsdata uploaded to Discord servers will expire after 24 hours.
CDN URLs will include three new parameters that can add expiration timestamps and distinctive signatures that can stay legitimate till the hyperlinks expire, stopping using Discord’s CDN for everlasting file internet hosting.
Whereas these parameters are already being added to Discord hyperlinks, they nonetheless should be enforced, and hyperlinks shared outdoors Discord servers will solely expire as soon as the corporate rolls out its authentication enforcement modifications.
“To enhance safety of Discord’s CDN, attachment CDN URLs have 3 new URL parameters: ex, is, and hm. As soon as authentication enforcement begins later this 12 months, hyperlinks with a given signature (hm) will stay legitimate till the expiration timestamp (ex),” the Discord improvement crew defined in a submit shared on the Discord Builders server.
“To entry the attachment CDN hyperlink after the hyperlink expires, your app might want to fetch a brand new CDN URL. The API will robotically return legitimate, non-expired URLs whenever you entry assets that include an attachment CDN URL, like when retrieving a message.”
A large leap ahead within the battle towards malware
This can be a much-anticipated transfer towards the continuing challenges Discord faces in curbing cybercrime actions throughout its platform, seeing that its servers have lengthy served as breeding grounds for malicious actions related to financially motivated and state-backed hacking teams.
Discord’s everlasting file internet hosting capabilities have incessantly been misused to distribute malware and exfiltrate information gathered from compromised methods utilizing webhooks.
Regardless of the escalating scale of this concern lately, Discord has up to now struggled to implement efficient measures to discourage cybercriminals’ abuse of its platform and decisively handle the issue or, on the very least, restrict its affect.
In accordance with a latest report by cybersecurity firm Trellix, Discord CDN URLs have been exploited by no less than 10,000 malware operations to drop second-stage malicious payloads on contaminated methods.
These payloads primarily encompass malware loaders and scripts that set up malware, reminiscent of RedLine stealer, Vidar, AgentTesla, zgRAT, and Raccoon stealer.
In accordance with Trellix’s information, varied malware households, together with Agent Tesla, UmbralStealer, Stealerium, and zgRAT, have additionally used Discord webhooks over the previous few years to steal delicate data like credentials, browser cookies, and cryptocurrency wallets from compromised units.