After inadvertently becoming the vector to spread malware several times, Discord has devised a strategy to prevent it. Reportedly, Discord now switches to temporary CDN links for all files, preventing abuse of its network.
Discord To Use Temporary CDN Links
According to the details shared by Bleeping Computer, Discord has decided to switch to temporary CDN links for shared files.
Discord emerged as a popular file-sharing platform (besides being known for communication) featuring permanent file hosting. While this feature facilitated users to share documents conveniently, it often became an indirect malware-spreading tool following abuse.
One such abuse happened lately when researchers found criminal hackers using Discord (and Telegram) to spread the QwixxRAT Windows malware.
Now, to combat this issue, Discord has now decided to ditch the permanent file hosting feature for users. Instead, the platform adopts to temporary CDN links, that will expire within 24 hours for Discord users.
To introduce this functionality, dubbed “authentication enforcement,” the CDN URLs will exhibit three parameters, ex, is, and hm, that will add unique signatures (hm), and expiration timestamps (ex). After the link expires, the user client must fetch a new CDN URL.
The API will automatically return valid, non-expired URLs when you access resources that contain an attachment CDN URL, like when retrieving a message.
This update won’t come into effect immediately. Instead, Discord has announced the move now, giving time for the users to adapt as they introduce the change until the year-end. As Discord stated,
Discord developers may see minimal impact and we’re working closely with the community on the transition. These changes will roll out later this year and we’ll share more info with developers in the coming weeks.
Besides, as clarified in a Reddit post, this change will only apply “when linked off-platform.” The on-platform links will continue to function accordingly. That means this change won’t harm Discord users; rather, the platform merely restricts the public accessibility of its file-hosting functionality to prevent malicious abuse.
While this move arrives as a cybersecurity measure from the platform, some users have expressed disappointment that they would lose Discord’s popular and free file-sharing functionality. Nonetheless, most users appreciate this move as it would secure the platform from malware threats to a larger extent.
Let us know your thoughts in the comments.
