Skip to content 
DiscordBy the end of the year, Discord will force all users to use temporary file links in order to prevent hackers from utilizing its content delivery network (CDN) to host and distribute malware.
Discord is improving how it handles CDN URL attachments to give users a more secure and safe experience. Discord told BleepingComputer that this will specifically assist our safety team in limiting access to content that has been flagged and in general lowering the quantity of malware that is delivered over our CDN.
Discord users that share content inside the Discord software are unaffected. The client’s links will all automatically refresh. We advise people to look for a better solution if they are hosting files on Discord.
Discord developers might not notice much of a difference, and we’re collaborating closely with the community during the shift. Later this year, these modifications will be implemented, and in the upcoming weeks, we’ll give developers additional details.”
All links to files uploaded to Discord servers will expire after 24 hours following the implementation of the file hosting shift, which Discord refers to as authentication enforcement later this year.
Discord’s CDN cannot be used for long-term file hosting; instead, three additional attributes added to CDN URLs will include expiration timestamps and distinct signatures that will last until the links expire.
Links shared outside of Discord servers will only expire when the firm implements modifications to its authentication enforcement policy, even though these criteria are already added to Discord links.
The three additional URL parameters ex, is, and hm are added to attachment CDN URLs in order to increase security for Discord’s CDN. Links with a given signature (hm) will be valid until the expiration timestamp (ex) until authentication enforcement kicks in later this year, according to an explanation provided by the Discord development team in a message shared on the Discord Developers server.
Your app must request a new CDN URL in order to access the attachment CDN link once it expires. When you request resources (such as a message retrieval) that have an attachment CDN URL, the API will automatically provide correct, non-expired URLs.
A significant advancement in the fight against malware
This is a highly anticipated step in the direction of addressing the continuous difficulties Discord confronts in reducing cybercrime activity on its platform, given that its servers have long functioned as havens for malicious activity linked to state-sponsored and financially motivated hacking gangs.
Discord’s persistent file hosting features have often been abused to spread malware and steal information obtained through webhooks from infected systems.
Discord has so far had difficulty putting into place efficient measures to stop hackers from abusing its platform, take immediate action to solve the issue, or at the very least, lessen its impact, despite the fact that it has grown in severity in recent years.
Discord CDN URLs have reportedly been used by at least 10,000 malware operations to distribute second-stage malicious payloads on compromised devices, according to a recent analysis by cybersecurity company Trellix.
Malware loaders and scripts that install malware, like RedLine stealer, Vidar, AgentTesla, zgRAT, and Raccoon stealer, make up the majority of these payloads.
Trellix’s data indicates that over the past few years, a number of malware families, including Agent Tesla, UmbralStealer, Stealerium, and zgRAT, have also leveraged Discord webhooks to steal sensitive data from affected computers, including browser cookies, cryptocurrency wallets, and credentials.
2 thoughts on “Discord file links will expire after a day to fight malware”