A new infostealer campaign has emerged, targeting gaming enthusiasts on Discord. Researchers from Malwarebytes have warned users to avoid engaging with unsolicited messages on the platform, which are typically sent by cybercriminals posing as game developers offering a chance to beta test a new game. The scam is designed to appear legitimate, with messages often sent from compromised accounts to add authenticity to the request. Victims who respond are provided with a download link for a game installer, but the link actually leads to malware that steals sensitive information.
Once the victim downloads and installs the malware, it exfiltrates data such as browser credentials, session cookies, and information related to cryptocurrency wallets. Several types of stealer malware have been used in this campaign, including Nova Stealer, Ageo Stealer, and Hexon Stealer. These malware variants are capable of stealing a wide range of sensitive information, including Discord tokens, 2FA backup codes, saved passwords, credit card details, and more. The attackers leverage the compromised accounts to collect data from victims and further their malicious activities.
One of the most concerning aspects of the campaign is the use of a Discord webhook within the Nova Stealer infrastructure, which alerts attackers when a victim’s data is compromised. This allows criminals to track stolen data in real time, without needing to regularly check for updates. The Hexon Stealer, a newer variant, is also capable of exfiltrating highly sensitive data like cryptocurrency wallet details and two-factor authentication codes, making it even more dangerous. The attack’s goal is not only to steal financial data but also to compromise Discord accounts to manipulate other users into falling for similar scams.
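A defender-side check for the webhook traffic described above, as an added example that is not from Malwarebytes or the original article: it scans web-proxy log lines for POST requests to Discord webhook endpoints made by processes outside an expected set, and redacts the webhook token in each alert. The log format, the process names, the allowlist and the sample lines are all constructed assumptions.

```python
import re
from collections import namedtuple

# Discord webhook endpoint shape: /api[/vN]/webhooks/<numeric id>/<token>
WEBHOOK_RE = re.compile(
    r"^https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com"
    r"/api(?:/v\d+)?/webhooks/(?P<id>\d+)/(?P<token>[\w-]+)",
    re.IGNORECASE,
)

# Assumption: processes expected to reach Discord here; tune per environment.
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

Alert = namedtuple("Alert", "timestamp host process webhook_id url_redacted")

# Constructed sample proxy log, one event per line:
# timestamp host process method url
SAMPLE_LOG = """\
2025-01-10T12:00:01Z WS-0142 Discord.exe POST https://discord.com/api/v9/channels/1111/messages
2025-01-10T12:03:17Z WS-0142 GameBetaSetup.exe POST https://discord.com/api/webhooks/123456789012345678/EXAMPLE-token_value
2025-01-10T12:03:18Z WS-0142 GameBetaSetup.exe GET https://example.com/update.json
2025-01-10T12:05:40Z WS-0077 chrome.exe POST https://discord.com/api/webhooks/222222222222222222/another_EXAMPLE
malformed line
2025-01-10T12:09:02Z WS-0077 node.exe POST https://discordapp.com/api/v10/webhooks/333333333333333333/EXAMPLE3?wait=true
"""

def find_webhook_posts(log_text, expected=EXPECTED_PROCESSES):
    """Return an Alert for each webhook POST made by an unexpected process."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, host, proc, method, url = parts
        match = WEBHOOK_RE.match(url)
        if method.upper() != "POST" or match is None:
            continue
        if proc.lower() in expected:
            continue
        # The token is a credential for the webhook; keep it out of alerts.
        redacted = url[:match.start("token")] + "<redacted>"
        alerts.append(Alert(ts, host, proc, match.group("id"), redacted))
    return alerts

if __name__ == "__main__":
    for alert in find_webhook_posts(SAMPLE_LOG):
        print(alert)
```

The webhook ID kept in each alert identifies the destination without exposing the token, which makes it usable in an abuse report or a block rule.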
Malwarebytes has advised users to take several steps to protect themselves from this growing threat. Users should keep their anti-malware protection up to date and verify any unsolicited invitations through trusted channels. They should also be cautious of any unsolicited message that asks them to download or install files, especially when the sender appears to be a friend or trusted contact. By staying vigilant and following these precautions, users can avoid falling victim to these sophisticated infostealer campaigns.