
New malware in Discord named Vare can steal users' information, warn researchers – Economic Times


Cybersecurity researchers have discovered a new malware that is distributed over the popular chatting platform Discord, which has more than 300 million active users. The team from CyberArk Labs – a US-headquartered identity security firm – spotted the malware called Vare, which uses Discord’s infrastructure as a backbone for its operations.
This malware is linked to a new group called ‘Kurdistan 4455’ based out of southern Turkey that is still in the early stages of forming, according to security researchers.

The firm contacted Discord and notified its support team of the different ways attackers misuse Discord’s features, and of the new malware group.

“However, despite our numerous attempts we did not get a definitive response from Discord,” they said in a blog post.

The origins of malware on the platform can be traced back to the introduction of Discord Nitro. For a monthly fee, Nitro allows users to send larger files and longer messages, have higher quality video streaming and much more.

The malware group ‘Kurdistan 4455’ has adopted past methods for their own benefit, targeting other malware groups instead of users, reaping their success with minimal effort.

Vare is malware written in Python. It is an info stealer that uses Discord both as infrastructure for data exfiltration (the theft or unauthorised removal or movement of any data from a device) and as a target to steal from.

The security researchers scanned and analysed 2,390 of GitHub’s public repositories related to Discord malware.

They found 44.5% of repositories are written in Python and are standalone malware.

About 20.5% of repositories (second in popularity) are written in JavaScript and these repositories mainly take the approach of injecting into Discord.


“Vare is a perfect case of how publicly available repositories are being used to help arm cybercrime groups and how attackers can leverage Discord’s infrastructure maliciously,” said the report.

With Discord being such a popular platform among corporate developers, these developers could potentially put their organisations at risk if the malware is able to infect their endpoints.


