Discord to Implement Temporary File Links to Combat Malware

Discord is taking a new approach to file hosting to combat malware.

Discord is introducing changes to its file hosting to enhance security and restrict the misuse of its platform. This move is intended to curb the use of Discord's content delivery network (CDN) for permanent file hosting and reduce malware distribution.

Discord Implementing Temporary File Links

Discord is taking a new approach to file hosting to combat malware. Soon, the platform will implement temporary file links that will expire after 24 hours for user content shared outside of Discord.

Engadget reported that this change is expected to be in place by the end of the year. While the primary aim is to reduce malware, it will also restrict the unofficial use of Discord as a file-hosting service.

Discord to Implement Temporary File Links to Combat Malware
Discord is introducing changes to its file hosting to enhance security and restrict the misuse of its platform. KIRILL KUDRYAVTSEV/AFP via Getty Images

Users frequently upload content to their servers and share the links elsewhere, which will become less seamless with the shift to temporary links, as they will become inactive after a day.

Following the upcoming alteration to Discord's file hosting, all links to files stored on the platform will automatically expire after 24 hours. These changes, referred to as authentication enforcement by Discord, are anticipated to be implemented later this year.

These modified CDN URLs will feature three additional parameters, incorporating expiration timestamps and unique signatures, ensuring that the links remain valid only until they reach their expiration time. This initiative is designed to curtail the persistent use of Discord's CDN for permanent file hosting.

Although these parameters are currently being included in Discord links, their enforcement will only take effect once the company implements the authentication enforcement changes.

This policy adjustment aims to foster a safer and more secure user experience, particularly in the context of curbing malware distribution and unauthorized file hosting.

Discord's development team has introduced three new URL parameters, namely "ex," "is," and "hm," to bolster the security of the platform's CDN for attachments. These parameters work in unison to create a safer and more secure user experience.

Discord Addressing Issues

Discord's decision to implement these changes is a significant step in addressing the persistent issues it encounters when combating cybercriminal activities on its platform.

For some time now, Discord's servers have been exploited by malicious actors, including financially motivated and state-backed hacking groups, leading to various security concerns.

In particular, Discord's permanent file hosting features have been exploited for the distribution of malware and the extraction of data from compromised systems through the utilization of webhooks. These vulnerabilities have made the platform a target for nefarious activities, necessitating this security-focused adjustment.

Despite the growing magnitude of this issue recently, The Verge reported that Discord has faced challenges in deploying effective countermeasures to deter the misuse of its platform by cybercriminals and to decisively tackle this issue or, at the very least, minimize its repercussions.

Bleeping Computer reported that Discord's CDN URLs have become the target of exploitation by over 10,000 instances of malware operations, which employ them to distribute malicious payloads during the second stage of attacks on compromised systems.

These payloads primarily comprise malware loaders and scripts responsible for installing various forms of malware, including the likes of RedLine stealer, Vidar, AgentTesla, zgRAT, and Raccoon stealer.

Trellix's data further reveals that numerous malware families, such as Agent Tesla, UmbralStealer, Stealerium, and zgRAT, have utilized Discord webhooks in recent years to exfiltrate sensitive information. This stolen data often includes credentials, browser cookies, and cryptocurrency wallets from compromised devices.

Written by Inno Flores
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics