
Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware.
“Discord is evolving its approach to attachment CDN URLs in order to create a safer and more secure experience for users. In particular, this will help our safety team restrict access to flagged content, and generally reduce the amount of malware distributed using our CDN,” Discord told BleepingComputer.
“There is no impact for Discord users that share content within the Discord client. Any links within the client will be auto refreshed. If users are using Discord to host files, we’d recommend they find a more suitable service.
“Discord developers may see minimal impact and we’re working closely with the community on the transition. These changes will roll out later this year and we’ll share more information with developers in the coming weeks.”
After the file hosting change (described by Discord as authentication enforcement) rolls out later this year, all links to files uploaded to Discord servers will expire after 24 hours.
CDN URLs will come with three new parameters that add expiration timestamps and unique signatures that remain valid until the links expire, preventing the use of Discord’s CDN for permanent file hosting.
While these parameters are already being added to Discord links, they still have to be enforced, and links shared outside Discord servers will only expire once the company rolls out its authentication enforcement changes.
“To improve security of Discord’s CDN, attachment CDN URLs have 3 new URL parameters: ex, is, and hm. Once authentication enforcement begins later this year, links with a given signature (hm) will remain valid until the expiration timestamp (ex),” the Discord development team explained in a post shared on the Discord Developers server.
“To access the attachment CDN link after the link expires, your app will need to fetch a new CDN URL. The API will automatically return valid, non-expired URLs when you access resources that contain an attachment CDN URL, like when retrieving a message.”
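A client-side check for the refresh behaviour described above, added here as an illustration and not taken from Discord or the original article. It assumes ex and is are hex-encoded Unix timestamps (expiry and issue time), which the page does not state; the sample URL and the names parse_attachment_url and needs_refresh are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample link: the IDs, filename and signature are made up.
SAMPLE_URL = ("https://cdn.discordapp.com/attachments/1111/2222/report.pdf"
              "?ex=65500000&is=654eae80&hm=" + "ab" * 32)


@dataclass
class AttachmentLink:
    expires: Optional[datetime]  # ex: expiration timestamp
    issued: Optional[datetime]   # is: assumed to be the issue time
    signature: Optional[str]     # hm: signature, opaque to clients

    def needs_refresh(self, now: datetime, margin_s: int = 60) -> bool:
        """True when a cached URL should be replaced with a fresh one from the API."""
        if self.expires is None or self.signature is None:
            # Unsigned or malformed link: nothing to validate, so fetch a fresh URL.
            return True
        return (self.expires - now).total_seconds() <= margin_s


def hex_ts(values) -> Optional[datetime]:
    # Assumption: the value is a hex-encoded Unix timestamp in seconds.
    if not values:
        return None
    try:
        return datetime.fromtimestamp(int(values[0], 16), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None


def parse_attachment_url(url: str) -> AttachmentLink:
    query = parse_qs(urlsplit(url).query)
    signature = query.get("hm", [None])[0]
    return AttachmentLink(hex_ts(query.get("ex")), hex_ts(query.get("is")), signature)


if __name__ == "__main__":
    link = parse_attachment_url(SAMPLE_URL)
    now = datetime.now(timezone.utc)
    print("expires:", link.expires, "refresh needed:", link.needs_refresh(now))
```

The same parse is useful when triaging Discord CDN links found in logs or reports: a link whose ex value is in the past should no longer serve its file once enforcement is active.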
A big leap forward in the fight against malware
This is a much-anticipated move given the ongoing challenges Discord faces in curbing cybercrime activity across its platform, as its servers have long served as breeding grounds for malicious activity associated with financially motivated and state-backed hacking groups.
Discord’s permanent file hosting capabilities have frequently been misused to distribute malware and exfiltrate data gathered from compromised systems using webhooks.
Despite the escalating scale of this issue in recent years, Discord has so far struggled to implement effective measures to deter cybercriminals’ abuse of its platform and decisively address the problem or, at the very least, limit its impact.
According to a recent report by cybersecurity company Trellix, Discord CDN URLs have been exploited by at least 10,000 malware operations to drop second-stage malicious payloads on infected systems.
These payloads primarily consist of malware loaders and scripts that install malware, such as RedLine stealer, Vidar, AgentTesla, zgRAT, and Raccoon stealer.
According to Trellix’s data, various malware families, including Agent Tesla, UmbralStealer, Stealerium, and zgRAT, have also used Discord webhooks over the past few years to steal sensitive information like credentials, browser cookies, and cryptocurrency wallets from compromised devices.