Discord once again found to be hosting malware payloads

Campaign orchestrated through the web browser

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have once again witnessedDiscordbeing used to host malicious payloads during an investigation into the increasing use of HTML smuggling.

A previous report fromSophosresearchers showed the popular gaming-centric messaging platform has unwittingly emerged as thecybercriminals' allyas a means to host and distributemalware.

Now, researchers at Menlo Security deconstructing a new attack have also found threat actors using Discord for hosting malicious payloads.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Named ISOMorph, the campaign uses HTML smuggling to drop the first stage malware through theweb browser.

Attack the browser

Attack the browser

The researchers explain that HTML smuggling helps deliver malware by effectively bypassing various network security solutions including sandboxes, legacy proxies, andfirewalls.

“We believe attackers are using HTML Smuggling to deliver the payload to the endpoint because the browser is one of the weakest links without network solutions blocking it,” notesMenlo Security in a blog postanalyzing the ISOMorph campaign.

HTML Smuggling was also used in themost recent spear-phishing campaignby the Nobelium group, the threat actor which perpetrated theSolarWinds supply-chain attack.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Popular withweb developersas a means to optimizefile downloads, threat actors use HTML smuggling to bypass standard perimeter security, explains Menlo Security.

Once it’s in place, the dropper fetches the malicious payload and installs remote access trojans (RATs) that allow the attacker to use the infected machine for their illegitimate purposes.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)