Gaming enthusiasts are being warned about a new, insidious infostealer campaign on Discord, which uses the lure of beta-testing a game to trick victims into downloading malware. Researchers from Malwarebytes recently highlighted the growing threat, which involves unsolicited direct messages on Discord servers. These messages claim to come from a developer offering exclusive access to test an upcoming game, but what victims are actually downloading is far more dangerous.

Some players who need Secure Discord Acces can find service at U2XU, which is a professional and secure online trading website. In addition to various game items, accounts and services, you can also Affordable Discord Purchase here. Every transaction here is certified, so you can buy with confidence!

How the Scam Works
The scam typically begins with a direct message from an alleged game developer offering the opportunity to beta test a new game. The message will often appear convincing, sometimes coming from a verified or seemingly trustworthy account, which adds credibility to the scam. The victim is then provided with a download link and a password to access the “installer” for the game.

The download links lead to compromised file-sharing services like Dropbox, Catbox, or even Discord’s own content delivery network (CDN). These are often used to distribute the malicious files, with the added deception that they come from a legitimate source. The file, however, is not a game installer—it's an information-stealing Trojan designed to collect sensitive data from the victim's computer.

The Malware Behind the Attack
The Trojan distributed in this campaign is a type of infostealer, a form of malware that targets personal information. It can capture credentials stored in web browsers, session cookies for platforms like Discord and Steam, and even sensitive data related to cryptocurrency wallets. The campaign utilizes different versions of malware, including Nova Stealer, Ageo Stealer, and the newer Hexon Stealer.

Nova Stealer and Ageo Stealer are known for stealing login credentials and session cookies from browsers. These stealers are particularly dangerous for gamers, as they target accounts on platforms like Discord and Steam, both of which are popular among gamers for chatting and purchasing games. Meanwhile, Hexon Stealer is capable of extracting even more detailed information, including 2FA backup codes, saved passwords, credit card details, and cryptocurrency wallet information.

The Bigger Picture: Why Discord Accounts Are Valuable
One of the key goals of this campaign is to steal money by gaining access to victims’ bank and crypto accounts. However, compromising Discord accounts is also a central part of the scam. By taking control of more Discord accounts, cybercriminals can leverage them to create a sense of trust among other users. This emotional manipulation can lead to further scams, where users are tricked into downloading even more malware or falling for financial theft.

How to Protect Yourself
To avoid falling victim to this scam, users should take several precautions:

Update anti-malware protection: Ensure that your anti-malware software is up to date and running at all times.
Verify invitations: If you receive an unsolicited message, especially one with a download link, verify the invitation through another means, such as a text message or via a different social media platform.
Ignore unsolicited messages: Avoid clicking on links or downloading files from unsolicited messages, especially from unknown users or sources.
Discord users, in particular, should remain vigilant against any unusual messages and always be cautious about downloading files, even if they appear to come from friends or trusted contacts.