Phishing for Gamers: Fake Offers Invite Gamers to Test New Gaming Titles

Stu Sjouwerman | Jan 8, 2025

Discord ScamsA phishing campaign is targeting users with phony offers to beta test new video games, according to researchers at Malwarebytes. 

The phishing messages are sent via Discord, email, or text message. The messages purport to come from a game developer, and include a link to download an archive supposedly containing the game’s installer.

“The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility,” Malwarebytes explains. “What the target will actually download and install is in reality an information stealing Trojan.”

The campaign is distributing several different strains of malware, all of which can steal users’ credentials or financial information.

“There are several variations going around,” the researchers state. “Some use NSIS installers, but we have also seen MSI installers. There are also various information stealers being spread through these channels like the Nova Stealer, Ageo Stealer, or the Hexon Stealer.

The Nova Stealer and the Ageo Stealer are a Malware-as-a-Service (MaaS) stealer where criminals rent out the malware and the infrastructure to other criminals. It specializes in stealing credentials stored in most browsers, session cookie theft for platforms like Discord and Steam, and information theft related to cryptocurrency wallets.”

The researchers note that the attackers can use the compromised accounts to launch additional phishing attacks against the victim’s contacts.

“One of the main interests for the stealers seem to be Discord credentials which can be used to expand the network of compromised accounts,” the researchers write. “This also helps them because some of the stolen information includes friends accounts of the victims.

By compromising an increasing number of Discord accounts, criminals can fool other Discord users into believing that their everyday friends and contacts are speaking with them, emotionally manipulating those users into falling for even more scams and malware campaigns.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Malwarebytes has the story.

Uncover Technical Blind Spots and Exfiltration Risks with Free BreachSim

Data exfiltration is a critical target for cybercriminals, yet most organizations fail to detect breaches internally. Run our 100% harmless BreachSim tool on Windows 10+ workstations to safely simulate over 12 realistic data exfiltration scenarios following the MITRE ATT&CK framework, pinpoint your infrastructure’s weaknesses, and get actionable results in minutes.

Launch Your Free Breach Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.