skip to Main Content

Cybercrime, NitroHack malware turns Discord client into a trojan

Cybercrime, NitroHack Malware Turns Discord Client Into A Trojan

MalwareHunterTeam: cybercrime is spreading the NitroHack malware. It turns Discord client into a trojan, and It’s being distributed to infected user’s friends via DM messages, that promote it as a way to get get the premium Nitro service for free

It’s dubbed NitroHack and is a malware that modifies the Windows Discord client to turn it into an account-stealing Trojan. It has been discovered by MalwareHunterTeam cyber security experts. The malicious code is being distributed to infected user’s friends via DM messages that promote it as a way to get get you the premium Discord Nitro service for free. According to Bleeping Computer, if a user downloads the promoted file and launches it, NitroHack will modify the %AppData%\\Discord\0.0.306\modules\discord_voice\index.js file and append malicious code to the bottom. It will also attempt to alter the same JavaScript file in the Discord Canary and Discord Public Test Build clients. By modifying the client, the malware becomes persistent and will send the victim’s user tokens to the attacker’s Discord channel every time they start the client.

The cyber security experts: The cybercrime actor can log into Discord as the victim, using the stolen tokens

According the cyber security experts, using these stolen user tokens, the cybercrime actor can then log into Discord as the victim. To steal them, NitroHack will copy browser databases for Chrome, Discord, Opera, Brave, Yandex Browser, Vivaldi, and Chromium and scan them for Discord tokens. Once done, the list of found tokens will be posted to a channel under the attacker’s control. Not to leave users of the web client out of the fun, it will also perform malicious behavior for those logged in via the web. To try and steal credit cards, the malware will attempt to connect to the https://discordapp.com/api/v6/users/@me/billing/payment-source URL and to take the saved payment information. The, it will grab a list of all of a victim’s friends and send them a DM containing a link to the malware disguised as the hack for the Nitro service.

Back To Top