Gaming enthusiasts have been warned not to reply to unsolicited Discord messages, after researchers revealed a new infostealer campaign.
Malwarebytes said that victims are typically approached out of the blue with a direct message on a Discord server, asking if they want to beta test a new game.
The message is often sent by the supposed ‘developer’ themselves, to add an air of authenticity to the scam.
“If interested, the victim will receive a download link and a password for the archive containing the promised installer,” said Malwarebytes.
“The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility. What the target will actually download and install is in reality an information-stealing Trojan.”
There are various versions of the scam, using NSIS or MSI installers to spread Nova Stealer, Ageo Stealer and Hexon Stealer malware.
The first two are malware-as-a-service offerings designed to steal credentials stored in the browser, as well as session cookies for platforms like Discord and Steam, and information related to cryptocurrency wallets.
“Part of the Nova Stealer’s infrastructure is a Discord webhook which allows the criminals to have the server send data to the client whenever a certain event occurs. So they don’t have to check regularly for information, they will be alerted as soon as it gets in,” said Malwarebytes.
“The Hexon stealer is relatively new, but we know it is based on Stealit Stealer code and capable of exfiltrating Discord tokens, 2FA backup codes, browser cookies, autofill data, saved passwords, credit card details, and even cryptocurrency wallet information.”
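For defenders, the webhook exfiltration described above leaves a recognisable trace in egress logs: a POST to a Discord webhook endpoint from a process that is neither the Discord client nor a browser. The following is an added example, not code from Malwarebytes or the original article; the five-field proxy log format, the process allowlist and the sample lines are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Discord webhook endpoints look like /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...)
WEBHOOK_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/[\w-]+/?$")
# Processes expected to talk to Discord (assumption: tune this for your environment)
ALLOWED_PROCESSES = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample: timestamp, host, process, method, URL (IDs and tokens are placeholders)
SAMPLE_LOG = """\
2025-01-10T09:14:02Z WS-014 discord.exe GET https://discord.com/api/v9/users/@me
2025-01-10T09:15:40Z WS-014 setup_beta.exe POST https://discord.com/api/webhooks/000000000000000000/EXAMPLE-token_placeholder
2025-01-10T09:16:05Z WS-022 chrome.exe GET https://cdn.discordapp.com/attachments/1/2/notes.txt
2025-01-10T09:17:31Z WS-031 updater.exe POST https://discordapp.com/api/v10/webhooks/111111111111111111/EXAMPLE-token_placeholder/
2025-01-10T09:18:00Z WS-031 updater.exe POST https://example.com/api/webhooks/1/abc
"""

def find_webhook_posts(log_text):
    """Return (timestamp, host, process) for webhook POSTs made by unexpected processes."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed or truncated lines
        ts, host, proc, method, url = parts
        target = urlsplit(url)
        if method != "POST" or (target.hostname or "") not in WEBHOOK_HOSTS:
            continue
        if WEBHOOK_PATH.match(target.path) and proc.lower() not in ALLOWED_PROCESSES:
            # Report who posted, never the URL itself: the webhook token is a secret
            hits.append((ts, host, proc))
    return hits

if __name__ == "__main__":
    for ts, host, proc in find_webhook_posts(SAMPLE_LOG):
        print(f"{ts} {host}: {proc} posted to a Discord webhook")
```

A hit is a lead for triage rather than proof of infection, since legitimate automation also posts to webhooks.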
Monetary Theft is the End Goal
The aim of the game for the threat actors behind this new scam is to steal money from the victim, by accessing their bank and crypto accounts. However, Discord credentials are also prized as a way of furthering the campaign.
“By compromising an increasing number of Discord accounts, criminals can fool other Discord users into believing that their everyday friends and contacts are speaking with them, emotionally manipulating those users into falling for even more scams and malware campaigns,” the security vendor warned.
Computer users are urged to:
- Keep anti-malware protection up to date and activated on their computers and devices
- Verify any invitations from “friends” through different channels, such as via text or another social media platform
- Ignore unsolicited messages, especially those requesting downloads or installs