Cyber-security researchers have discovered a new malware that is distributed over the popular chatting platform Discord which has more than 300 million active users.
The team from CyberArk Labs spotted the malware called Vare that uses Discord’s infrastructure as a backbone for its operations.
This malware is linked to a new group called ‘Kurdistan 4455’ based out of southern Turkey and is still early in its forming stage, according to security researchers.
The cyber-security firm contacted Discord and notified their support team on the different ways attackers misuse Discord’s features, and of the new malware group.
“However, despite our numerous attempts we did not get a definitive response from Discord,” they said in a blog post.
The origins of malware on the platform can be traced back to the introduction of Discord Nitro. For a monthly fee, Nitro allows users to send larger files and longer messages, have higher quality video streaming and much more.
The malware group ‘Kurdistan 4455’ has adopted past methods for their own benefit, targeting other malware groups instead of users, reaping their success with minimal effort.
Vare is a malware written in Python. It is an info stealer that uses Discord both as a data exfiltration infrastructure and a target to steal from.
The security researchers scanned and analysed 2,390 of GitHub’s public repositories related to Discord malware.
They found 44.5 per cent of repositories are written in Python and are standalone malware.
About 20.5 per cent of repositories (second in popularity) are written in JavaScript and these repositories mainly take the approach of injecting into Discord.
“Vare is a perfect case of how publicly available repositories are being used to help arm cybercrime groups and how attackers can leverage Discord’s infrastructure maliciously,” said the report.
With Discord being such a popular platform among corporate developers, these developers could potentially put their organisations at risk if the malware is able to infect their endpoints.