A phishing campaign is targeting users with phony offers to beta test new video games, according to researchers at Malwarebytes.
The phishing messages are sent via Discord, email, or text message. The messages purport to come from a game developer, and include a link to download an archive supposedly containing the game’s installer.
“The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility,” Malwarebytes explains. “What the target will actually download and install is in reality an information stealing Trojan.”
The campaign is distributing several different strains of malware, all of which can steal users’ credentials or financial information.
“There are several variations going around,” the researchers state. “Some use NSIS installers, but we have also seen MSI installers. There are also various information stealers being spread through these channels like the Nova Stealer, Ageo Stealer, or the Hexon Stealer.
“The Nova Stealer and the Ageo Stealer are a Malware-as-a-Service (MaaS) stealer where criminals rent out the malware and the infrastructure to other criminals. It specializes in stealing credentials stored in most browsers, session cookie theft for platforms like Discord and Steam, and information theft related to cryptocurrency wallets.”
The researchers note that the attackers can use the compromised accounts to launch additional phishing attacks against the victim’s contacts.
“One of the main interests for the stealers seems to be Discord credentials which can be used to expand the network of compromised accounts,” the researchers write. “This also helps them because some of the stolen information includes friends’ accounts of the victims.
“By compromising an increasing number of Discord accounts, criminals can fool other Discord users into believing that their everyday friends and contacts are speaking with them, emotionally manipulating those users into falling for even more scams and malware campaigns.”
Malwarebytes has the story.