Discord is a VoIP and chat platform created by and for the community. It has no less than 300 million regular users, and developers particularly appreciate its accessible API, which makes it easy to implement new features. This flexibility, as well as the pool of potential victims, has not escaped cybercriminals.
According to CyberArk, a company specializing in computer security, hackers are starting to exploit the features made available by Discord to organize all kinds of scams, including social engineering. According to experts, the fact that they use the features offered by Discord “makes it easier to develop harder-to-detect malware and to neutralize. The article published on the company’s website goes into detail about the techniques used by hackers to fool Discord users.
To read – Discord: this dangerous ransomware also steals your account in addition to your data
The team discovered that a malware named Vare is spreading full speed ahead on Discord. “This is an information stealer who uses Discord as both a data exfiltration infrastructure and a target.” CyberArk traces its origins back to the launch of the Nitro program in Discord. This paid subscription allows you to benefit from exclusive features such as uploading larger documents or even HD video streaming.
This malware steals information from Discord users, but also from other cybercriminals
According to the site, “Nitro has become so desirable to some users that they have tried to acquire it without paying, using brute-force to generate gift keys or social engineering. They then buy Discord Nitro gifts, “a popular way to steal money without leaving too much of a trace, with attackers typically selling the stolen keys at a discount.”
Thirst for Nitro drove these hackers to extremes. They started using malware to steal other users’ banking information and buy Nitro subscriptions or gifts without their knowledge. Ironically, the Kurdistan 4455 pirate group discovered that he is more lucrative to tackle other cybercriminals. No one is therefore safe from identity theft or a false request made in their name.