Discord, the popular messaging and streaming service, will begin using temporary file links for all users by the end of the year to cut down on the amount of malware distributed by attackers using its CDN (content delivery network).
The new temporary file links will expire after 24 hours for user content shared outside of Discord, which means these links will no longer be available after the expiration time, and the files will be deleted.
The intention of the move is to crack down on malware and provide a safer environment and more secure experience for users. It also aims to restrict the extensive use of Discord as an unofficial file-hosting service.
“Discord is evolving its approach to attachment CDN URLs in order to create a safer and more secure experience for users. In particular, this will help our safety team restrict access to flagged content, and generally reduce the amount of malware distributed using our CDN,” a spokesperson for Discord told BleepingComputer.
“There is no impact for Discord users that share content within the Discord client. Any links within the client will be auto-refreshed. If users are using Discord to host files, we’d recommend they find a more suitable service.
“Discord developers may see minimal impact and we’re working closely with the community on the transition. These changes will roll out later this year and we’ll share more info with developers in the coming weeks.”
Discord will add three new parameters to the CDN URLs, which will include expiration timestamps and unique signatures that will remain valid until the link expires. This will prevent the use of Discord’s CDN for permanent file hosting. Also, users will need to generate a new link to access the file after the expiration date.
“To improve security of Discord’s CDN, attachment CDN URLs have 3 new URL parameters: ex, is, and hm. Once authentication enforcement begins later this year, links with a given signature (hm) will remain valid until the expiration timestamp (ex),” the Discord development team explained in a post shared on the Discord Developers server.
“To access the attachment CDN link after the link expires, your app will need to fetch a new CDN URL. The API will automatically return valid, non-expired URLs when you access resources that contain an attachment CDN URL, like when retrieving a message.”
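For an app or log-triage script that stores attachment links, the expiry described above can be checked locally before deciding to fetch a fresh URL. This is an added example, not Discord's code: the CDN hostnames, the hex encoding of `ex`, and the function names are assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: attachment links are served from these hosts.
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
SIGNED_PARAMS = ("ex", "is", "hm")  # parameter names quoted in the article

# Constructed sample links (IDs and signature are placeholders).
SIGNED = ("https://cdn.discordapp.com/attachments/111/222/report.pdf"
          "?ex=65500000&is=654eae80&hm=" + "ab" * 32)
LEGACY = "https://cdn.discordapp.com/attachments/111/222/report.pdf"


def classify_attachment_url(url, now):
    """Return 'not-cdn', 'unsigned', 'malformed', 'expired' or 'valid'.

    `now` is a Unix timestamp in seconds. Only Discord can verify the
    signature (hm), so this checks presence and expiry, not authenticity.
    """
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in CDN_HOSTS:
        return "not-cdn"
    query = parse_qs(parts.query)  # drops parameters with empty values
    if not all(name in query for name in SIGNED_PARAMS):
        return "unsigned"
    try:
        # Assumption: ex is a hex-encoded Unix timestamp.
        expires_at = int(query["ex"][0], 16)
    except ValueError:
        return "malformed"
    return "expired" if now >= expires_at else "valid"


def needs_refresh(url, now, margin=300):
    """True when a stored CDN link should be re-fetched through the API.

    `margin` (seconds) refreshes slightly early so a link does not expire
    between the check and the download.
    """
    status = classify_attachment_url(url, now + margin)
    return status in ("unsigned", "malformed", "expired")


if __name__ == "__main__":
    import time
    for link in (SIGNED, LEGACY):
        print(classify_attachment_url(link, int(time.time())), link[:60])
```

A "valid" result only means the link is well-formed and not yet past `ex`; a stored link that has expired has to be replaced by re-reading the message through the API, as the quoted post says.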
According to a recent report by cybersecurity company Trellix, nearly 10,000 malware samples that were distributed online were found to be stored on Discord’s CDN. The attackers used the platform’s webhooks to extract data from victims’ computers and private individuals and then leaked it to a Discord channel run by them.