BleepingComputer reports that persistent exploitation of Discord's content delivery network to facilitate malware hosting and distribution has prompted the instant messaging and VoIP social platform to deploy a new 24-hour expiration limit for all uploaded links to servers, along with new expiration timestamps and unique signatures valid until link expiration by year-end.
"To access the attachment CDN link after the link expires, your app will need to fetch a new CDN URL. The API will automatically return valid, non-expired URLs when you access resources that contain an attachment CDN URL, like when retrieving a message," said the Discord development team.
Such a development represents a significant anti-malware measure for Discord, which has long faced challenges in curbing platform exploitation for spreading malware, with Trellix reporting that at least 10,000 malware operations have leveraged Discord CDN URLs to deploy malware loaders, scripts, and other second-stage payloads to facilitate AgentTesla, RedLine, and Vidar malware infections.
