Be careful using Discord: they are stealing key information from users and servers

Trellix cybersecurity researcher Gurumoorthi Ramanathan details the malware and data extraction techniques used by hackers to attack Discord, the most used application by gamers to communicate.

Discord DOWNLOAD

According to the report, threat actors have built a sophisticated infostealer called NS-STEALER. They distribute it through ZIP files disguised as cracked software (pirated Windows 11 or unlicensed Photoshop).

When a victim extracts the compressed file, they will find a Windows shortcut titled “Loader GAYve” that, if executed, will deploy a malicious Java program.

This program will do two things: first, it will create a folder called “NS-<11-digit_random_number>”, where it will store all the collected information. Then, it will start capturing the data.

Looking for sensitive data to steal money

NS-STEALER will search for information stored in over two dozen browsers: cookies, credentials, and autofill data. It will then start taking screenshots of the infected device, collecting system information and the list of programs installed on the device.

Then it will extract Discord tokens, as well as Steam and Telegram session data. Finally, it will filter all of the above to a Discord Bot channel. That’s where all the information ends up to monetize the hacking.

“Taking into account the highly sophisticated function of collecting sensitive information and the use of X509Certificate to support authentication, this malware can quickly steal information from the victim’s systems with [Java Runtime Environment]”, explains Ramanathan.

Discord DOWNLOAD

This is not the first time that hackers find a way to abuse Discord for their nefarious purposes. In fact, Discord has been targeted by hacks for years.

Be careful and do not download anything suspicious through Discord or unreliable websites.