모든 토론 > Steam 포럼 > Suggestions / Ideas > 제목 정보
이 토론은 잠겼습니다.
Kerry 2022년 11월 16일 오후 1시 32분
2
Remove all Discord CDN links
The chat program Discord is a known dumping ground for malware and malicious bots, and is widely used for command and control of serious malware including credential stealers, ransomware, and other things. Some malware can even use Discord to crash other players' games.

Sophos, an anti-malware publisher and research group, reports that the greatest amount of malware they've found on the Discord Content Distribution Network is, quote: "credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs."

This means software that steals bank account info and Steam account info.

So by allowing games that link with Discord to run on Steam, ValveCorp is inadvertently putting their users and all the games on this platform at serious risk of catastrophic loss.

I believe that these games should be sanctioned or heavily restricted in their capability to link with Discord, and all links that lead to a Discord server should be considered a direct link to malware.

Source: https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/

EDIT: I will not allow this thread to be derailed by any method. Attempts to bring up previous threads are obvious attempts to derail a thread and will be treated as such.

Each creator who makes a post that attempts to derail this thread will result in one singular chain of action:

Mute, block, report. You're not worthy of my time if you keep trying to derail the thread and troll me. You're not going to get a rise out of me.

EDIT: I'm sick and tired of some people (not naming names) being so stuck-up and closed-minded that they cannot admit that other people have different experiences.

The technically-impossible happens all the time. Just because YOU haven't seen it happen, doesn't mean weird crap doesn't happen!
Kerry 님이 마지막으로 수정; 2022년 11월 17일 오후 4시 44분
< >
전체 댓글 599개 중 31~45개 표시 중
d3str0y3r 2022년 11월 16일 오후 2시 00분 
Kerry Freeman님이 먼저 게시:
You don't need to initiate anything. Discord will click those nasty links FOR you.
No it doesn't you have idea what you are talking about. I am going to report this topic as all you are doing is spreading misinformation.
d3str0y3r 님이 마지막으로 수정; 2022년 11월 16일 오후 2시 01분
#31
Kerry 2022년 11월 16일 오후 2시 01분 
d3str0y3r님이 먼저 게시:
KittenGrindr님이 먼저 게시:


You mean the part where they explain that it's links or files which would mean the user has to click or download them to become compromised?

Clearly OP doesn't not understand what they are reading. At no point does it say anything about "fraudulent clickers". All the malware this article is talking about has to be clicked by the user.

Uh, yes it does.Here's a direct link to where it says that:

https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/#:~:text=Among%20those%20remaining%20available%20just%20prior%20to%20publication%20were%20an%20app%20that%20performs%20fraudulent%20ad-clicking

Among those remaining available just prior to publication were an app that performs fraudulent ad-clicking

I am not spreading misinformation unless Sophos is as well.
Kerry 님이 마지막으로 수정; 2022년 11월 16일 오후 2시 03분
#32
Leonardo Da Pinchi 2022년 11월 16일 오후 2시 01분 
Kerry Freeman님이 먼저 게시:
Satoru님이 먼저 게시:
By this logic steam should get rid of from its own platform

1) Discussions
2) Groups
3) Chat
4) Comments
5) Reviews

Since all of these are venues for phishing attacks

All of these are regulated by Steam and scanned for links to malware.
Actually the links aren't scanned whatsoever, it's a white/blacklist system. And over time, URLs to known scam sites like skin trade sites, reported en mass by users, are added to the blacklist.
#33
AmsterdamHeavy 2022년 11월 16일 오후 2시 03분 
Kerry Freeman님이 먼저 게시:
AmsterdamHeavy님이 먼저 게시:

Now explain how you were blameless in those events, please.

Of course. When I was on Discord, a hacker stole my authentication token to my Discord without my knowledge, and used it to take over my account. They then used it while I watched and attempted to fight back, to no avail.

They used it to post obscene, lewd messages to other people and post messages of crude nature. Images that are banned on most sites, such as pornography and others, were splattered across every server I was in like grafitti on a wall. All would have been traced back to me, had i stayed.

No links were clicked.


...and this has what to do with Steam and games? The premise of the post.
#34
Boblin the Goblin 2022년 11월 16일 오후 2시 05분 
Kerry Freeman님이 먼저 게시:
KittenGrindr님이 먼저 게시:


You mean the part where they explain that it's links or files which would mean the user has to click or download them to become compromised?


brian9824님이 먼저 게시:

No more then any game that uses a forum as the internet can be used to do everything discord can. Accounts aren't hijacked on discord without user interaction, same as steam accounts.

Incorrect, both of you.

article Among those remaining available just prior to publication were an app that performs fraudulent ad-clicking

You don't need to initiate anything. Discord will click those nasty links FOR you.


Except you cut out the context of that snippet. Here, let me post the full context;

In our 90 day telemetry lookback, we found 205 URLs on the Discord domain pointing to Android .apk executables (with multiple, redundant links to duplicate files). After reporting the list to Discord, the service took down the files, but a subsequent query a few weeks later showed that more appeared in the meantime.

Among those remaining available just prior to publication were an app that performs fraudulent ad-clicking (classified as Andr/Hiddad-P);..

Which shows, yet again, you need to willing download a malicious program.
#35
Leonardo Da Pinchi 2022년 11월 16일 오후 2시 06분 
Had Discord for...many years now, Discord never once clicked a link for me.
#36
Aachen 2022년 11월 16일 오후 2시 06분 
.... The tools allegedly make it possible, exploiting weaknesses in Discord’s protocols, for one player to crash the game of another player ....

Wait, what? So is that an unverified allegation?
Aachen 님이 마지막으로 수정; 2022년 11월 16일 오후 2시 07분
#37
d3str0y3r 2022년 11월 16일 오후 2시 07분 
Kerry Freeman님이 먼저 게시:
d3str0y3r님이 먼저 게시:

Clearly OP doesn't not understand what they are reading. At no point does it say anything about "fraudulent clickers". All the malware this article is talking about has to be clicked by the user.

Uh, yes it does.

https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/#:~:text=Among%20those%20remaining%20available%20just%20prior%20to%20publication%20were%20an%20app%20that%20performs%20fraudulent%20ad-clicking

Among those remaining available just prior to publication were an app that performs fraudulent ad-clicking
Again you have no idea what you are talking about so stop! They are not even talking about Discord in that sentence. They are talking about one of the malware's hosted on discord is a app that performs fraudulent ad-clicking. The user still has to click and download the malware for it to do it's thing.
#38
Kerry 2022년 11월 16일 오후 2시 08분 
AmsterdamHeavy님이 먼저 게시:
Kerry Freeman님이 먼저 게시:

Of course. When I was on Discord, a hacker stole my authentication token to my Discord without my knowledge, and used it to take over my account. They then used it while I watched and attempted to fight back, to no avail.

They used it to post obscene, lewd messages to other people and post messages of crude nature. Images that are banned on most sites, such as pornography and others, were splattered across every server I was in like grafitti on a wall. All would have been traced back to me, had i stayed.

No links were clicked.


...and this has what to do with Steam and games? The premise of the post.

Another direct quote from the article will prove my premise.

But the greatest percentage of the malware we found have a focus on credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs.

Direct link to where the article says that:

https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/#:~:text=But%20the%20greatest%20percentage%20of%20the%20malware%20we%20found%20have%20a%20focus%20on%20credential%20and%20personal%20information%20theft%2C%20a%20wide%20variety%20of%20stealer%20malware%20as%20well%20as%20more%20versatile%20RATs.

Want your Steam account stolen? Use Discord, that'll make it happen.

As for games, here's this:

Like any developer-friendly platform, these features are ripe for abuse. Among the malicious applications we uncovered were applications advertised as game cheats—programs that alter or affect the gameplay environment. For example, “Conrado’s FiveM Crasher”, a game cheat for Grand Theft Auto multiplayer servers hosted on community-run servers, pulls data from FiveM’s integration with Discord to “crash” players nearby in gameplay:

Direct link:
https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/#:~:text=Like%20any%20developer,nearby%20in%20gameplay%3A
#39
Frostbringer 2022년 11월 16일 오후 2시 08분 
Kerry Freeman님이 먼저 게시:
KittenGrindr님이 먼저 게시:


So you want Steam to say devs can't or heavily limit the use Discord for communication or their community? Considering you just said using Discord isn't required.

Which means that you have to choose to use Discord as a means to interact with the devs or the game's community.

I want Steam to protect users' accounts.

Some game devs make Discord their primary or ONLY means of communication with the community. They don't come on the Steam Forums at all, except the bare minimum. And they don't interact with the community when they do so.

Any game that uses Discord as a primary, or only, means of interaction for things like customer service and assistance is putting their users' accounts at risk.

Which Game Dev discords have been directly linked to Steam accounts being compromised?
#40
Boblin the Goblin 2022년 11월 16일 오후 2시 09분 
I love how with every post trying to reaffirm the idea that Discord is malware or the reason for compromised accounts, it shows more and more that you need to download something or open a browser link for the malware to even work.

Nothing in the article even remotely says Discord itself is the cause of those infections. In fact, they say multiple times that people are distributing malicious material through Discord, not that Discord is the cause.
#41
Kerry 2022년 11월 16일 오후 2시 09분 
Frostbringer님이 먼저 게시:
Kerry Freeman님이 먼저 게시:

I want Steam to protect users' accounts.

Some game devs make Discord their primary or ONLY means of communication with the community. They don't come on the Steam Forums at all, except the bare minimum. And they don't interact with the community when they do so.

Any game that uses Discord as a primary, or only, means of interaction for things like customer service and assistance is putting their users' accounts at risk.

Which Game Dev discords have been directly linked to Steam accounts being compromised?

It's Discord in general. Not specific developers.
#42
Kerry 2022년 11월 16일 오후 2시 10분 
KittenGrindr님이 먼저 게시:
I love how with every post trying to reaffirm the idea that Discord is malware or the reason for compromised accounts, it shows more and more that you need to download something or open a browser link for the malware to even work.

Nothing in the article even remotely says Discord itself is the cause of those infections. In fact, they say multiple times that people are distributing malicious material through Discord, not that Discord is the cause.

That's why i'm saying to sanction them. Limit games' access to Discord so that users can't have their accounts stolen by malicious software.

I'm not saying that Discord IS malware. In fact I never have. I'm saying it's a threat, a malware delivery system.

What I'm arguing for is a boycott. Until Discord eliminates its' malware problem, Steam should not allow games that connect to Discord.
Kerry 님이 마지막으로 수정; 2022년 11월 16일 오후 2시 11분
#43
Leonardo Da Pinchi 2022년 11월 16일 오후 2시 10분 
Kerry Freeman님이 먼저 게시:
Frostbringer님이 먼저 게시:

Which Game Dev discords have been directly linked to Steam accounts being compromised?

It's Discord in general. Not specific developers.
Had Discord since it dropped, not been "hacked" or "hijacked" once.
#44
Boblin the Goblin 2022년 11월 16일 오후 2시 11분 
Kerry Freeman님이 먼저 게시:

Want your Steam account stolen? Use Discord, that'll make it happen.

As for games, here's this:

Like any developer-friendly platform, these features are ripe for abuse. Among the malicious applications we uncovered were applications advertised as game cheats—programs that alter or affect the gameplay environment. For example, “Conrado’s FiveM Crasher”, a game cheat for Grand Theft Auto multiplayer servers hosted on community-run servers, pulls data from FiveM’s integration with Discord to “crash” players nearby in gameplay:

Direct link:
https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/#:~:text=Like%20any%20developer,nearby%20in%20gameplay%3A


You do realize the snippet you posted still shows you need to download and run the program to be come infected right? It doesn't even hint that Discord causes the infection.
#45
< >
전체 댓글 599개 중 31~45개 표시 중
페이지당 표시 개수: 1530 50

모든 토론 > Steam 포럼 > Suggestions / Ideas > 제목 정보
게시된 날짜: 2022년 11월 16일 오후 1시 32분
게시글: 599
새로운 토론 시작

토론 규칙 및 지침