The old saying “Never talk with a stranger” still rings true in this day and age, even online. According to a report from antivirus company Malwarebytes, an infostealer malware scam campaign is spreading fast through Discord, preying exclusively on gamers. Approached with enticing offers to try game betas, eager gamers find their devices quickly infected with dangerous and persistent malicious software. Recently, Malwarebytes forum user TheBeardedNardo reported that he had encountered this issue and was advised to completely wipe his OS clean.
Here’s how the scam works: unsuspecting victims receive unsolicited direct messages (DMs) claiming to be from developers looking for beta testers. These messages often appear authentic, because they come from compromised accounts or pose as credible sources. Gamers are sent a download link and a password for an archive that supposedly contains the game installer. However, as you might suspect, what they install is actually an information-stealing Trojan.
These malicious files are hosted on legitimate platforms like Dropbox, Catbox, and even Discord’s own content delivery network. The use of legitimate file providers adds credibility to the scam, increasing its effectiveness against unwary targets.
Several malware variants have been identified in this campaign, including Nova Stealer, Ageo Stealer, and Hexon Stealer. These infostealers are designed to extract sensitive information such as Discord tokens, browser cookies, saved passwords, and even cryptocurrency wallet details.
Nova Stealer and Ageo Stealer are malware-as-a-service offerings, rented out to criminals for wide-scale attacks. They can utilize Discord webhooks to send stolen data to attackers in real time, eliminating traces and the need for constant monitoring. Meanwhile, the Hexon Stealer can exfiltrate two-factor authentication backup codes, credit card details, and other critical information.
Ultimately, the goal of this Discord malware scam is financial theft. Additionally, any Discord credentials the attackers steal with the malware are used to expand their network of compromised accounts, perpetuating the scam.
Because of this, being cautious online is crucial to protecting yourself. Avoid engaging with suspicious or unsolicited messages, even if you received them on Discord. Verify dubious invitations through other channels, such as the developers’ official social media accounts or by asking your friends directly. Finally, keep your antivirus software updated and active as the first line of defense.
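For defenders who have proxy or endpoint network logs, the webhook exfiltration described above can be hunted for directly. The following is an added example, not code from Malwarebytes or from the original article: it flags POST requests to Discord webhook endpoints made by processes that are not on an allowlist. The log format, host names, process names and webhook ids are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Discord webhook execution path: /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/[A-Za-z0-9_-]+")
DISCORD_DOMAINS = ("discord.com", "discordapp.com")

def is_discord_host(hostname):
    """True for the Discord domains and their subdomains, not for lookalikes."""
    host = (hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DISCORD_DOMAINS)

def find_webhook_posts(log_lines, allowed_processes=frozenset()):
    """Return a finding for each POST to a Discord webhook by a non-allowlisted process.

    Assumed log format (constructed for this example), one event per line:
        <timestamp> <hostname> <process> <METHOD> <url>
    """
    allowed = {p.lower() for p in allowed_processes}
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line
        ts, host, process, method, url = parts
        try:
            target = urlsplit(url)
        except ValueError:
            continue  # unparseable URL
        match = WEBHOOK_PATH.match(target.path)
        if method.upper() != "POST" or not match or not is_discord_host(target.hostname):
            continue
        if process.lower() in allowed:
            continue
        # Record the webhook id only; the token is a secret and stays out of alerts.
        findings.append({"time": ts, "host": host, "process": process,
                         "webhook_id": match.group(1)})
    return findings

# Constructed sample events (hosts, process names and ids are made up).
SAMPLE_LOG = [
    "2025-01-10T12:00:01Z PC-01 chrome.exe GET https://discord.com/channels/@me",
    "2025-01-10T12:00:05Z PC-01 BetaInstaller.exe POST https://discord.com/api/webhooks/123456789012345678/EXAMPLE-TOKEN",
    "2025-01-10T12:00:09Z CI-02 deploybot POST https://discord.com/api/v10/webhooks/222222222222222222/EXAMPLE-TOKEN",
    "2025-01-10T12:00:11Z PC-03 updater.exe POST https://discord.com.example/api/webhooks/333/EXAMPLE-TOKEN",
]

if __name__ == "__main__":
    for f in find_webhook_posts(SAMPLE_LOG, allowed_processes={"deploybot"}):
        print(f)
```

On a gaming or office workstation, a freshly downloaded executable posting to a webhook is worth investigating; the allowlist is for tools you have deliberately configured to use webhooks.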