PolyWolf on Security

Discord As Exfil??

Posted on 2022-03-15: https://twitter.com/da_667/status/1503878840988446722

So everyone and their mom knows that Discord’s CDN is a great place to store payloads: publicly accessible, hardly any scanning, and people complain if it’s blocked at all.

So it was interesting to find an example of Discord being used not just to host the malware, but also as a data exfiltration method via their webhooks (somehow). See the payload covered by @da_667.
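Added example, not part of the original post or of the payload it refers to: one way a defender could pick out both uses of Discord described above from web-proxy logs, flagging executable-type downloads from `cdn.discordapp.com` and POSTs to webhook endpoints, then correlating the two per host. The log format, host names, IDs and the extension list are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines (assumed format: time host method url bytes_out "user-agent").
SAMPLE_LOG = """\
2022-03-15T10:01:02Z ws-17 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/invoice.exe 0 "python-requests/2.27.1"
2022-03-15T10:01:09Z ws-17 POST https://discord.com/api/webhooks/333333333333333333/EXAMPLE-TOKEN 48211 "python-requests/2.27.1"
2022-03-15T10:02:30Z ws-04 GET https://cdn.discordapp.com/attachments/111111111111111111/444444444444444444/cat.png 0 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2022-03-15T10:03:00Z ws-04 POST https://discord.com/api/v9/channels/555555555555555555/messages 310 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2022-03-15T10:04:00Z ws-22 POST https://discordapp.com/api/v9/webhooks/666666666666666666/EXAMPLE-TOKEN 120 "curl/7.79.1"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) "([^"]*)"$')
WEBHOOK_RE = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/[^/?]+")
ATTACH_RE = re.compile(r"^/attachments/\d+/\d+/([^/?]+)$")
RISKY_EXT = (".exe", ".dll", ".scr", ".ps1", ".bat", ".vbs", ".js", ".zip", ".iso")
DISCORD_HOSTS = ("discord.com", "discordapp.com")

def classify(line):
    """Return a finding dict for one log line, or None if it is not of interest."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _ts, src, method, url, sent, ua = m.groups()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # User agents are spoofable; this is a triage hint, not proof.
    base = {"host": src, "non_browser_ua": not ua.startswith("Mozilla/")}
    hook = WEBHOOK_RE.match(parts.path)
    on_discord = host in DISCORD_HOSTS or host.endswith(tuple("." + h for h in DISCORD_HOSTS))
    if method == "POST" and on_discord and hook:
        # Keep the webhook id for reporting; drop the token, which is a credential.
        return {**base, "kind": "webhook_post", "webhook_id": hook.group(1), "bytes_out": int(sent)}
    att = ATTACH_RE.match(parts.path)
    if method == "GET" and host == "cdn.discordapp.com" and att and att.group(1).lower().endswith(RISKY_EXT):
        return {**base, "kind": "cdn_payload_fetch", "file": att.group(1)}
    return None

def scan(log_text):
    """Classify every line, then mark webhook POSTs from hosts that also fetched a risky CDN file."""
    findings = [f for f in map(classify, log_text.splitlines()) if f]
    fetchers = {f["host"] for f in findings if f["kind"] == "cdn_payload_fetch"}
    for f in findings:
        if f["kind"] == "webhook_post":
            f["correlated"] = f["host"] in fetchers
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```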