Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware.
Miscreants took to Discord and distributed malicious programs including NanoCore, njRAT and SpyRAT to gamers using the chat servers, but that was just one aspect of a wider pattern of abuse. Symantec discovered some groups were brazenly using Discord as a black market to sell malware or stolen data.
Symantec Security Response notified Discord's security team about the abuse. Discord responded by removing the malicious files from the servers' chat channels. Discord has since added a new virus-scanning feature that runs on the backend whenever a user uploads an executable or archive file.
Chris Boyd, a senior malware intelligence analyst at Malwarebytes and avid gamer, told El Reg that the tactic has the potential to entrap the unwary.
"Pushing malware directly from chat in VoIP is a good way for the scammers to keep a low profile, and many gamers new to VoIP services may well fall for it," Boyd explained.
"Using malware as bait in chat links has been a popular tactic for many years, and is also particularly common in gaming circles," Boyd added. "Whether we're talking about direct messages between gamers on Xbox Live or group chat in Twitch streams, this has always been a problem."
Scammers pushing these files are branching out into other areas such as fake driver downloads, files to make bogus streams play, and free in-game item cheats. ®