Discord has announced that it is changing the way links to files hosted on the platform work. Until the end of this year, such links will be automatically updated every 24 hours. This will be part of measures to combat the spread of malware, which, as Bleeping Computer notes, is often stored on Discord servers. The innovation affects all users of the popular service and is an important step towards strengthening the security of the platform.
The company recommends that users using Discord for file hosting look for alternative solutions. However, the changes will not affect those who share content directly in the Discord client: all internal links will be automatically updated to ensure continuous access to files.
Cybersecurity firm Trellix reported finding about 10,000 malware samples distributed via Discord. The attackers used the platform’s webhooks to transmit collected data from infected computers to Discord channels they controlled.
In response to these threats, Discord is implementing a system of temporary file associations for all users. Therefore, Discord will include new URL parameters that add expiration labels and unique signatures. These signatures remain valid until the link expires, preventing Discord from being used for persistent file hosting.
According to the Discord developers, three new URL parameters are already being added to links: ex (expiry time stamp), is (unique ID signature) and hm (hash match). Once mandatory authentication rolls out later this year, links with these signatures will remain active until the specified expiration date.
Once the link to a file hosted on Discord servers expires, accessing that file requires a new URL provided through Discord. This means that every time an old link expires, the Discord system will provide an updated URL that will be active for the next 24 hours. The link update process occurs automatically via the Discord Application Programming Interface (API).
This not only makes it easier to access files without having to manually update links, but also serves as an additional layer of verification: if the content has been flagged as malicious, no new link to it will be generated, preventing further spread of malware. Therefore, even if the malware is uploaded to the platform, its lifecycle is limited.