ESET cybersecurity experts: It’s a banking trojan that has already targeted users from Poland, impersonating Bolt Food. Goal: to steal banking-cryptocurrency credentials.
MalwareHunterTeam: cybercrime actors are spreading the NitroHack malware. It turns the Discord client into a trojan, and it is being distributed to the infected user’s friends via DMs that promote it as a way to get the premium Nitro service for free
The cyber security experts: The cybercrime actor can log into Discord as the victim, using the stolen tokens
According to the cyber security experts, using these stolen user tokens, the cybercrime actor can then log into Discord as the victim. To steal them, NitroHack will copy browser databases for Chrome, Discord, Opera, Brave, Yandex Browser, Vivaldi, and Chromium and scan them for Discord tokens. Once done, the list of found tokens will be posted to a channel under the attacker’s control. Not to leave users of the web client out of the fun, it will also perform malicious behavior for those logged in via the web. To try and steal credit cards, the malware will attempt to connect to the https://discordapp.com/api/v6/users/@me/billing/payment-source URL and take the saved payment information. Then, it will grab a list of all of a victim’s friends and send them a DM containing a link to the malware disguised as the hack for the Nitro service.
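
A defender can hunt for the behaviour described above in endpoint telemetry: one process reading the databases of several applications other than its own, with higher severity if it also requests the billing endpoint. The Python below is an added example, not code from the article or the researchers; the event fields (`host`, `proc`, `action`, `target_app`, `url`), the process names and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Applications whose databases the article says NitroHack copies.
TARGET_APPS = {"chrome", "discord", "opera", "brave", "yandex", "vivaldi", "chromium"}
BILLING_URL = "https://discordapp.com/api/v6/users/@me/billing/payment-source"

def owner_of(proc):
    """Assumed naming: 'Chrome.exe' belongs to the app 'chrome'."""
    name = proc.lower().split(".")[0]
    return name if name in TARGET_APPS else None

def detect(events, min_foreign_apps=3):
    """Flag processes that read the databases of several apps other than their own."""
    foreign = defaultdict(set)  # (host, proc) -> other apps whose databases it read
    billing = set()             # (host, proc) pairs that requested the billing endpoint
    want = urlsplit(BILLING_URL)
    for ev in events:
        key = (ev["host"], ev["proc"])
        if ev["action"] == "db_read":
            app = ev["target_app"].lower()
            if app in TARGET_APPS and app != owner_of(ev["proc"]):
                foreign[key].add(app)
        elif ev["action"] == "http":
            got = urlsplit(ev["url"])
            if (got.hostname, got.path.rstrip("/")) == (want.hostname, want.path):
                billing.add(key)
    return {key: {"apps": sorted(apps),
                  "severity": "high" if key in billing else "medium"}
            for key, apps in foreign.items() if len(apps) >= min_foreign_apps}

def _read(host, proc, *apps):
    return [{"host": host, "proc": proc, "action": "db_read", "target_app": a} for a in apps]

# Constructed sample telemetry, not real logs.
SAMPLE = (
    _read("ws-01", "Discord.exe", "Discord", "Chrome", "Opera", "Brave", "Vivaldi")
    + [{"host": "ws-01", "proc": "Discord.exe", "action": "http", "url": BILLING_URL}]
    + _read("ws-02", "chrome.exe", "Chrome")             # browser reading its own data
    + [{"host": "ws-02", "proc": "Discord.exe", "action": "http", "url": BILLING_URL}]
    + _read("ws-03", "backup.exe", "Chrome", "Brave")    # below the default threshold
)

if __name__ == "__main__":
    for (host, proc), finding in detect(SAMPLE).items():
        print(host, proc, finding["severity"], ",".join(finding["apps"]))
```

A billing request on its own (ws-02) is not flagged, because the legitimate client can make the same call; the cross-application database reads are what set the trojanised client apart.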