In a peculiar turn of events, Discord, the instant messaging and calling app, has found itself entangled with a new ransomware strain. The ransomware is called ‘Hog’ and is targeting unknown victims.
Discord is a popular instant messaging and VoIP app that is primarily intended for building groups and communities. Users connect with each other individually as well as in groups and communities via audio and video calls and instant messaging, and can also share media and files in private chats or in communities called “servers”.
Investigating the Discord ‘Hog’ ransomware:
The research found that the ransomware encrypts users’ devices and decrypts them only if the users join the developer’s Discord server.
Later investigation also led to the discovery of the ransomware’s encryptor component.
When the encryptor was run, it was found that the malware checks whether a particular Discord server exists and, if it does, begins encrypting the victim’s files.
When the malware is deployed via the malicious server, it encrypts the victim’s files, appends the .hog extension, and automatically extracts the decryptor component.
Once the malware finishes encrypting the device, it launches the DECRYPT-MY-FILES.exe decryptor from the Windows Startup folder.
The launched decryptor then explains to victims what has happened and prompts them to enter their Discord user tokens.
If the victim falls prey to the malware and provides their Discord token, the ransomware can then authenticate to Discord’s APIs using the victim’s identity.
If the victim has joined the malicious server, or the server doesn’t exist, the ransomware decrypts the victim’s files using a static key embedded in the Hog ransomware.
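The on-disk artifacts described above (the .hog extension and DECRYPT-MY-FILES.exe in the Startup folder) can be checked for during host triage. The following Python script is an added example, not code from the original article or from the researchers; the Startup folder layout it matches, the function names, and the sample file tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text.
DECRYPTOR_NAME = "decrypt-my-files.exe"
ENCRYPTED_SUFFIX = ".hog"
# Assumption: "Windows Startup folder" means a Start Menu\Programs\Startup
# directory (per-user under AppData\Roaming, or all-users under ProgramData).
STARTUP_TAIL = ("start menu", "programs", "startup")

def in_startup_folder(path: Path) -> bool:
    """True if the file sits directly in a Start Menu/Programs/Startup directory."""
    return tuple(p.lower() for p in path.parent.parts)[-3:] == STARTUP_TAIL

def triage(root):
    """Walk `root` (a live drive or a mounted image) and collect Hog artifacts."""
    report = {"decryptor_in_startup": [], "decryptor_elsewhere": [],
              "hog_files_by_dir": Counter(), "unreadable": []}
    # Unreadable directories are recorded rather than aborting the walk.
    note_error = lambda err: report["unreadable"].append(err.filename)
    for dirpath, _dirs, files in os.walk(root, onerror=note_error):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == DECRYPTOR_NAME:
                full = Path(dirpath) / name
                key = "decryptor_in_startup" if in_startup_folder(full) else "decryptor_elsewhere"
                report[key].append(str(full))
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                report["hog_files_by_dir"][dirpath] += 1
    return report

def build_sample_tree(base):
    """Constructed sample profile of empty, harmless files (not real malware)."""
    base = Path(base)
    startup = base / "Users/alice/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"
    docs = base / "Users/alice/Documents"
    for folder in (startup, docs):
        folder.mkdir(parents=True)
    for f in (startup / "DECRYPT-MY-FILES.exe", docs / "report.docx.hog",
              docs / "photo.JPG.HOG", docs / "notes.txt"):
        f.touch()
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print(result["decryptor_in_startup"], dict(result["hog_files_by_dir"]))
```

Point `triage()` at a user profile root or a mounted disk image; a decryptor found outside a Startup folder is reported separately so it is not missed.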
Importance of Discord security:
Even though the Hog malware appears to be rather new and still in its development phase, it exemplifies the fact that malicious actors are abusing Discord and its features for malware and cyberthreat activities because of its popularity and widespread use.
A growing number of news stories and reports point to the threats posed to Discord, whose platform is commonly abused by malicious actors to distribute malware or steal user data and information.
As malicious actors target Discord, it is essential that administrators and network security tools monitor the app’s traffic for cyberthreats and malware.