- Threat Vector: The open-source RedTiger penetration-testing tool has been weaponized into an infostealer that targets Discord users, primarily in France
- Malware Capabilities: Extracts Discord tokens, payment information (PayPal, credit cards), browser credentials, cryptocurrency wallets, and system data
- Discord-Specific Attacks: Injects JavaScript into the desktop client's index.js to intercept login attempts, purchases, password changes, and MFA information
- Data Collection Scope: Harvests browser passwords, cookies, history, and extensions; captures screenshots; searches for sensitive files (.TXT, .SQL, .ZIP)
- Data Exfiltration: Archives the stolen data and uploads it to GoFile cloud storage; sends the download links and victim metadata to the attackers via Discord webhooks
- Evasion Techniques: Anti-sandbox checks, debugger detection, spawning 400 processes, and creating 100 random files to obstruct forensic analysis
- Distribution Methods: Delivered via Discord channels, malicious software sites, forum posts, malvertising, and YouTube videos, often disguised as gaming tools or Discord utilities
- Mitigation Actions: Avoid downloading executables from unverified sources; if compromised, revoke Discord tokens, change passwords, reinstall Discord from official sources, clear browser data, and enable MFA

More details can be found at https://www.bleepingcomputer.com/news/security/hackers-steal-discord-accounts-with-redtiger-based-infostealer/
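Reinstalling Discord is on the mitigation list because the injected index.js lives inside the installed client and keeps intercepting logins, purchases and MFA prompts after the original dropper is gone. Before trusting a client again, a responder wants to verify that file directly. The Python check below is an added example, not code from the article or from the RedTiger project: it compares each discord_desktop_core index.js under a Discord install with the stock one-line content (an assumption about current Discord desktop builds; confirm it against a known-clean install) and reports indicator strings matching what the summary describes, such as Discord webhook URLs and gofile.io references. The install layout, the placeholder webhook URL and both embedded index.js samples are constructed for the demo; the hook names in the indicator list are assumptions about how an Electron-side inject would look, not observed signatures.

```python
"""Flag a tampered Discord desktop client by inspecting discord_desktop_core/index.js.

Added example for this summary; not code from the article or the RedTiger project.
"""
import re
import sys
import tempfile
from pathlib import Path

# Stock content of discord_desktop_core/index.js. Assumption: this one-liner is what
# current Discord desktop builds ship; confirm against a known-clean install.
STOCK_INDEX_JS = "module.exports = require('./core.asar');"

# Strings that never appear in the stock file but are typical of an injected stealer.
# Hook names are assumptions about Electron-side injects, not observed signatures.
INDICATORS = {
    "discord_webhook": re.compile(r"https?://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/", re.I),
    "gofile": re.compile(r"gofile\.io", re.I),
    "token_access": re.compile(r"\btoken\b", re.I),
    "request_hook": re.compile(r"\b(?:webRequest|onBeforeRequest|onCompleted|XMLHttpRequest|fetch)\b"),
}

# Constructed sample of what an injected index.js looks like: it keeps the stock
# require() so Discord still starts, but first hooks API requests and posts what
# it captures to a webhook. Placeholder URL, no working stealer logic.
INJECTED_SAMPLE = r"""
const WEBHOOK = "https://discord.com/api/webhooks/000000000000000000/EXAMPLE";
const { session } = require("electron");
session.defaultSession.webRequest.onBeforeRequest(
  { urls: ["*://*.discord.com/api/*/auth/login", "*://*.discord.com/api/*/users/@me"] },
  (details, callback) => {
    // copy the token, password and billing fields, upload to gofile.io, post link to WEBHOOK
    callback({});
  });
module.exports = require("./core.asar");
"""


def analyze_index_js(text):
    """Return a verdict for one index.js body.

    The file is tampered if it is anything other than the stock one-liner; the
    indicator hits explain what kind of tampering it looks like.
    """
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    tampered = text.strip() != STOCK_INDEX_JS or bool(hits)
    return {"tampered": tampered, "size": len(text), "indicators": hits}


def find_index_js(discord_root):
    """Return every discord_desktop_core index.js under a Discord install root.

    Assumed layout (Windows, %LOCALAPPDATA%\\Discord):
    app-<version>/modules/discord_desktop_core-<n>/discord_desktop_core/index.js
    """
    return sorted(Path(discord_root).glob(
        "app-*/modules/discord_desktop_core*/discord_desktop_core/index.js"))


def scan(discord_root):
    """Analyze each index.js found; read errors are reported rather than raised."""
    results = []
    for path in find_index_js(discord_root):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError as exc:
            results.append({"path": str(path), "error": str(exc)})
            continue
        results.append({"path": str(path), **analyze_index_js(text)})
    return results


def build_demo_install(root=None):
    """Create a constructed install tree with one clean and one injected client."""
    root = Path(root) if root else Path(tempfile.mkdtemp(prefix="discord-demo-"))
    layout = {  # version directory names are made up for the demo
        "app-1.0.1/modules/discord_desktop_core-1/discord_desktop_core/index.js": STOCK_INDEX_JS + "\n",
        "app-1.0.2/modules/discord_desktop_core-1/discord_desktop_core/index.js": INJECTED_SAMPLE,
    }
    for rel, content in layout.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return root


if __name__ == "__main__":
    # Real use: python check_discord_inject.py "%LOCALAPPDATA%\Discord"
    root = sys.argv[1] if len(sys.argv) > 1 else build_demo_install()
    for r in scan(root):
        status = "ERROR " + r["error"] if "error" in r else ("TAMPERED" if r["tampered"] else "clean")
        print(f"{status:<9} {r['path']} size={r.get('size', '?')} indicators={r.get('indicators', [])}")
```

Point it at the Discord install root on a suspect machine; any index.js that is not the stock one-liner is reason enough to reinstall from the official source and rotate the account (revoke sessions, change the password, re-enroll MFA), whether or not an indicator string matched. File size alone is a cheap first check, since the stock file is a few dozen bytes and an inject is far larger. Treat the indicator names as hints for triage, not as a signature: a stealer that obfuscates its strings will still fail the stock-content comparison.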