The team from CyberArk Labs – a US-headquartered identity security firm – spotted the malware called Vare, which uses Discord’s infrastructure as a backbone for its operations.
🔥BREAKING NEWS! 🔥We here at @CyberArkLabs uncovered a new #malware named #Vare, a @Discord specific info stealer… https://t.co/c8VZ4f31oU
— CyberArk Labs (@CyberarkLabs), 13 April 2023
This malware is linked to a new group called ‘Kurdistan 4455’ based out of southern Turkey and is still early in its forming stage, according to security researchers.
The firm contacted Discord and notified its support team of the different ways attackers misuse Discord’s features, and of the new malware group.
“However, despite our numerous attempts we did not get a definitive response from Discord,” they said in a blog post.
The origins of malware on the platform can be traced back to the introduction of Discord Nitro. For a monthly fee, Nitro allows users to send larger files and longer messages, have higher quality video streaming and much more.
The malware group ‘Kurdistan 4455’ has adopted past methods for its own benefit, targeting other malware groups instead of users and profiting from those groups’ success with minimal effort.
Vare is malware written in Python. It is an info stealer that uses Discord both as data exfiltration infrastructure (exfiltration being the theft or unauthorised removal or movement of any data from a device) and as a target to steal from.
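The defensive angle to the point above is that a stealer which exfiltrates over Discord blends into legitimate Discord traffic, so the useful signal is scripted (non-browser) clients talking to Discord's API. The script below is an added example, not CyberArk's code or anything from the Vare report: it assumes a hypothetical proxy log format (timestamp, client IP, method, URL, status, quoted User-Agent), uses constructed sample lines, and flags uploads to Discord API endpoints from user agents such as python-requests as high severity and scripted reads as medium. Webhook tokens in flagged URLs are redacted before reporting so the finding itself does not leak a secret.

```python
"""Flag outbound Discord API traffic that looks scripted rather than browser-driven.

Added example with an assumed (hypothetical) proxy log format and constructed
sample lines; it is not code from the page or from CyberArk Labs.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed log format:  <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+'
    r'(?P<status>\d{3})\s+"(?P<ua>[^"]*)"\s*$'
)

DISCORD_HOSTS = {"discord.com", "discordapp.com"}
# User agents typical of scripts rather than the Discord desktop/web client.
SCRIPTED_UA = re.compile(r"python-requests|python-urllib|urllib3|aiohttp|curl", re.I)
UPLOAD_METHODS = {"POST", "PUT", "PATCH"}


@dataclass(frozen=True)
class Finding:
    client: str
    severity: str  # "high" (scripted upload) or "medium" (scripted read)
    reason: str
    url: str       # webhook token redacted


def parse_line(line: str):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_discord_api(url: str) -> bool:
    p = urlparse(url)
    return (p.hostname or "").lower() in DISCORD_HOSTS and p.path.startswith("/api/")


def redact(url: str) -> str:
    """Replace the secret token segment of /api/webhooks/<id>/<token> URLs."""
    p = urlparse(url)
    parts = p.path.split("/")
    if len(parts) >= 5 and parts[1] == "api" and parts[2] == "webhooks":
        parts = parts[:4] + ["<redacted>"]
        return p._replace(path="/".join(parts), query="").geturl()
    return url


def classify(entry: dict):
    """Return a Finding for scripted Discord API traffic, else None."""
    if not is_discord_api(entry["url"]) or not SCRIPTED_UA.search(entry["ua"]):
        return None
    url = redact(entry["url"])
    if entry["method"] in UPLOAD_METHODS:
        return Finding(entry["client"], "high", "scripted client uploading to Discord API", url)
    return Finding(entry["client"], "medium", "scripted client reading Discord API", url)


def scan(log_text: str) -> list:
    """Scan proxy log text and return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # blank or unparseable line
        finding = classify(entry)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log; the webhook id and token are placeholders.
SAMPLE_LOG = """\
2023-04-13T14:16:47Z 10.0.0.12 GET https://discord.com/channels/@me 200 "Mozilla/5.0 (Windows NT 10.0) discord/1.0.9012"
2023-04-13T14:17:02Z 10.0.0.12 POST https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER_TOKEN 204 "python-requests/2.28.2"
2023-04-13T14:17:05Z 10.0.0.34 POST https://discord.com/api/v9/channels/000000000000000000/messages 200 "Mozilla/5.0 (Windows NT 10.0) discord/1.0.9012"
2023-04-13T14:17:09Z 10.0.0.12 GET https://discord.com/api/v9/users/@me 200 "python-requests/2.28.2"
2023-04-13T14:17:20Z 10.0.0.50 POST https://example.com/upload 200 "python-requests/2.28.2"
not a log line
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.client}: {f.reason} -> {f.url}")
```

The third sample line (a POST from the real Discord client) produces no finding, which is the point: the rule keys on the client software, not on Discord itself, since blocking Discord outright is rarely an option for developer teams. Treat the user-agent list as a starting heuristic; a stealer can spoof it, so pair this with volume or destination-newness signals.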
The security researchers scanned and analysed 2,390 of GitHub’s public repositories related to Discord malware.
They found 44.5% of repositories are written in Python and are standalone malware.
About 20.5% of repositories (second in popularity) are written in JavaScript and these repositories mainly take the approach of injecting into Discord.
“Vare is a perfect case of how publicly available repositories are being used to help arm cybercrime groups and how attackers can leverage Discord’s infrastructure maliciously,” said the report.
With Discord being such a popular platform among corporate developers, these developers could potentially put their organisations at risk if the malware is able to infect their endpoints.