NitroHack Modifies Windows Discord Client into Infostealing Trojan

6 years ago David Bisson

Security researchers discovered a new malware threat called “NitroHack” that modifies the Discord client for Windows into an infostealing trojan.

MalwareHunterTeam observed malicious actors abusing DMs from infected Discord users as a distribution vector. Specifically, they leveraged those accounts to inform a victim’s friends that they could obtain free access to the premium Discord Nitro service by downloading a file.

By complying, a user inadvertently infected themselves with NitroHack. This malware appended malicious code to the “%AppData%\Discord\0.0.306\modules\discord_voice\index.js” file and attempted to change the same file in both the Discord Canary and Discord Public Test Build clients.

Bleeping Computer explained that the malware acted in this manner to establish persistence and to steal a user’s account tokens:

To steal these tokens, NitroHack will copy browser databases for Chrome, Discord, Opera, Brave, Yandex Browser, Vivaldi, and Chromium and scan them for Discord tokens. When done, the list of found tokens will be posted to a Discord channel under the attacker’s control.

Functionality for stealing saved Discord tokens (Source: Bleeping Computer)

NitroHack didn’t limit its malicious activity to users of the Windows Discord client, however. The malware also attempted to connect to the “https://discordap[.]com/api/v6/users/@me/billing/payment-source” URL. It did this for the purpose of stealing web client users’ payment card information.

At that point, NitroHack stole a list of the victim’s contacts. It then sent them a link disguised as a Nitro Hack service link.

Users can verify whether they’ve suffered a NitroHack infection by opening the “%AppData%\Discord\0.0.306\modules\discord_voice\index.js” file with Notepad. The normal file should simply contain “module.exports = VoiceEngine;” Anything else could be indicative of a malware infection.
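The same check can be scripted across every installed client version. The following is an added example, not code from the original article or from Discord: it compares each discord_voice index.js against the baseline line quoted above and reports how much extra text follows it. The Canary and PTB folder names and the version numbers in the demo tree are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Baseline the article gives for an unmodified discord_voice index.js.
BASELINE = "module.exports = VoiceEngine;"
# Client folders under %AppData%. "Discord" is from the article; the Canary
# and PTB folder names are assumptions, adjust them to the installation.
CLIENT_DIRS = ("Discord", "discordcanary", "discordptb")

def classify(text):
    """Return (verdict, extra_text) for the contents of one index.js."""
    body = text.lstrip("\ufeff").strip()  # ignore BOM and blank lines
    if body == BASELINE:
        return "baseline", ""
    if body.startswith(BASELINE):  # original statement, then added code
        return "appended", body[len(BASELINE):].strip()
    return "differs", body

def scan(appdata):
    """Check index.js for every installed version of every client."""
    findings = []
    for client in CLIENT_DIRS:
        root = Path(appdata) / client
        if not root.is_dir():
            continue
        for path in sorted(root.glob("*/modules/discord_voice/index.js")):
            text = path.read_text(encoding="utf-8", errors="replace")
            verdict, extra = classify(text)
            findings.append((str(path), verdict, len(extra)))
    return findings

def demo():
    """Scan a constructed tree (made-up versions, harmless content)."""
    samples = {
        "Discord/0.0.1": BASELINE + "\n",
        "discordcanary/0.0.2": BASELINE + "\n// constructed appended code\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in samples.items():
            folder = Path(tmp, rel, "modules", "discord_voice")
            folder.mkdir(parents=True)
            (folder / "index.js").write_text(content, encoding="utf-8")
        return [(verdict, size) for _, verdict, size in scan(tmp)]

if __name__ == "__main__":
    for path, verdict, size in scan(os.environ.get("APPDATA", ".")):
        print(f"{verdict:9} {size:6} extra chars  {path}")
```

Any verdict other than "baseline" means the file does not match the line quoted in the article and should be opened and reviewed by hand.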

News of this newest malware threat comes less than a month after researchers found that an updated version of AnarchyGrabber had stolen victims’ plaintext passwords and infected victims’ friends on Discord.

The post “NitroHack Modifies Windows Discord Client into Infostealing Trojan” appeared first on TripWire

Source: TripWire – David Bisson
