News & Stories

Discord will switch to temporary links to curb the spread of malware

Ray Fernandez

Nov 8, 20235 min read

Discord will switch to temporary links to curb the spread of malware: Header image

Discord, the messaging platform with more than 550 million registered accounts, is reported to be working on a new feature to increase its security. 

In addition to its role as a popular community platform for gamers, Discord is known for being a hotspot of cybercriminal activity. Now, it is responding to attacks that are using its own digital infrastructure to launch target users. 

On November 4, Bleeping Computer reported that Discord will switch to temporary file links for all users by the end of 2023. A Discord spokesperson told Bleeping Computer that the switch will help block cybercriminals from using the messaging app’s infrastructure to distribute malware. 

A breakdown of Discord’s new security features

As Moonlock recently reported, Lumma Stealer is the latest family of malware to be distributed through Discord’s own content delivery network (CDN) — smaller edge data centers working close to the user to speed up the service.  

To put an end to these and other similar types of attacks, a Discord spokesperson told Bleeping Computer that they are working on a new approach to CDN attachments that will create a “safer and more secure experience for users.”

Attackers that upload malware files on Discord’s CDN send messages to random Discord users, trying to trick them into downloading the file. Typically, in these phishing scams, criminals offer potential victims a reward for testing out a game. When the victim agrees, they are sent the malicious file stored on Discord’s own CDN.

According to Bleeping Computer, bad actors will now have a harder time, as all file links on Discord’s CDN will automatically be deleted after 24 hours under a new “authentication enforcement” policy.

The new policy introduces three new parameters to CDN URLs. These parameters add unique authentication signatures and expiration timestamps. 

“These changes will ensure that files uploaded to Discord’s servers can’t be hosted indefinitely, a feature previously exploited by cybercriminals,” Bleeping Computer said. 

Will Discord’s new 24-hour auto-delete policy affect regular users?

There are two ways that Discord users upload files to share among their contacts: through Discord’s platform and using third-party sites and services that get the same job done. Cybercriminals usually prefer the second method. Criminals also use services that allow them to store the file externally while the link to the file is hosted internally in Discord´s CDN. 

Screenshot of how files are uploaded on Discord.
Discord is a trademark of Discord, Inc.

Naturally, Discord users wonder if this new security feature will have any effect on the way they upload and share content. But a company spokesperson assured Bleeping Computer that regular users will see no impact regarding content sharing. In reality, this statement is not entirely accurate.

The new feature will apply to links of files stored on the CDN and not on Discord clients, where links are automatically refreshed. However, some Discord users do host files externally.

“Users that do host files externally will need to find new alternative services, as the file links will expire after 24 hours,” Discord said. 

A breeding ground for cybercriminal activity

One of the reasons that malware is so prolific in Discord is because the company has always allowed any user to host files permanently, and it is easy to share these files. For the most part, its community benefits from this feature, but cybercriminals also exploit it to easily distribute malware and steal data from users.  

For years, Discord has been on a path to becoming what SOC Radar recently called “The New Playground for Cybercriminals.” SOC Radar explains that the open platform is ideal for bad actors because it is largely unregulated and anonymous. Its features are ideal for phishing, malware distribution, dark-web-style markets, and social engineering. 

Discord provides numerous features that criminals can exploit to carry out various cyberattacks, such as phishing, malware distribution, and social engineering.  

SOC Radar

Another recent investigation by Trellix revealed the extent of the dangerous digital environment, assuring that they examined about 10 million malware samples moving through Discord in the past three years. 

How to play it safe on Discord 

While some experts argue that the best way for users to stay safe is to switch to an alternative messaging app, not all Discord users will agree, as they value the app for its community and benefits. Those who are die-hard Discord fans can still take certain steps and consider some tips to make their accounts more secure. 

Most users on Discord are young and tend to ignore the calls from the cybersecurity community. That said, the first step they should take is to understand that they, too, can become cyberattack victims. And the second step is for them to take action.

Discord cybersecurity and safety tips

Here are some tips to increase your security on Discord:

  1. Remain vigilant, especially when talking to strangers who urge you to download files. 
  2. Be cautious when clicking on unknown links, even if they come from friends or known sources, as their accounts may have been hacked. 
  3. Get a trusted and recognized antimalware solution. It will help you identify suspicious messages, websites, apps, links, or files in real time before they can cause damage or breach your system.
  4. Keep all your apps, software, and operating systems updated.  
  5. Check out Discord’s own Scam Blog to learn about the trending scams, free Nitro-cons, fake games and videos, malicious NFT and other giveaways, and how hackers impersonate Discord’s official accounts. 

Discord users should also: 

  1. Choose secure passwords
  2. Enable two-factor authentication (2FA)
  3. Block and report other users when needed
  4. Fine-tune and strengthen their Discord Privacy and Safety settings, including Friend request settings and DM spam filters

Configure your friend request settings to determine who can send you a friend request. The options are Everyone (should be ideally disabled), Family and Friends, and Server Members. 

DM spam filters can be set to automatically send direct messages that may contain spam into a separate spam inbox.

Despite the challenging landscape that Discord faces, its user base continues to grow year after year. This growth proves that users — especially gamers between 18 and 24 years of age — still value the platform.   

Discord’s new features will be released by the end of the year. It’s still too early in the game to really know they represent a solution to its cybersecurity woes. However, we welcome Discord’s new efforts to secure its CDN and block criminals from using its own infrastructure to launch campaigns that can harm its users.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Discord Inc. Discord is a trademark of Discord Inc.

Ray Fernandez Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.