Hackers have turned Discord into an account stealer - here’s what you need to know

New Discord malware can spread itself among friends via direct message

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Researchers have uncovered a new malware campaign that turns popular gaming chat serviceDiscordinto a dangerous account stealer.

Discovered by MalwareHunterTeam, the NitroHack malware masquerades as a software crack that gives users free access to Discord Nitro, the service’s premium subscription tier.

However, upon installation, themalwaremodifies the Discord client for Windows, turning it into a trojan capable of stealing account credentials and financial information, and then attempts to transmit itself to the victim’s friends and communities.

The malware also reportedly affects users of the Discord web client.

Discord malware

Discord malware

Discord actively encourages its users to code in new functionality to enhance their experience with the client. JavaScript-coded ‘Discord Bots’ range from the extremely useful (e.g. the ability to accept donations on behalf of a community) to the beautifully trivial (e.g. enhanced meme-sharing).

However, this level of openness also means the client is susceptible to modification attacks. The NitroHack malware tweaks a piece ofJavaScriptcode stored locally on the victim’s computer, and also attempts to introduce malicious code to the same file in alpha and public test builds of the client.

The malware is also persistent, prompting Discord to deliver the victim’s login credentials to the hacker each time the client is booted up, and transmits itself to a victim’s friends via direct message.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In a bid to steal credit card information, meanwhile, the malware hunts for saved payment details attached to the infected user’s account.

NitroHack is also able to evade security software, which might recognize and address the malicious executable file, but is unlikely to register the modification of the Discord client.

Users can check whether their client has been compromised by opening %AppData%\Discord\0.0.306\modules\discord_voice\index.js using Notepad or a similar software. If unmodified, the file should end with “module.exports = VoiceEngine;”.

ViaBleeping Computer

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

I’m a die-hard Apple fan, but even I’ll admit that the Google Pixel 9 Pro is the best-looking phone of the year