NitroHack Modifies Windows Discord Client into Infostealing Trojan

6 years ago David Bisson

Security researchers discovered a new malware threat called “NitroHack” that modifies the Discord client for Windows into an infostealing trojan.

MalwareHunterTeam observed malicious actors abusing DMs from infected Discord users as a distribution vector. Specifically, they leveraged those accounts to inform a victim’s friends that they could obtain free access to the premium Discord Nitro service by downloading a file.

By complying, a user inadvertently infected themselves with NitroHack. The malware appended malicious code to the “%AppData%\Discord\0.0.306\modules\discord_voice\index.js” file and attempted to change the same file in both the Discord Canary and Discord Public Test Build clients.

Bleeping Computer explained that the malware acted in this manner to establish persistence and to steal a user’s account tokens:

To steal these tokens, NitroHack will copy browser databases for Chrome, Discord, Opera, Brave, Yandex Browser, Vivaldi, and Chromium and scan them for Discord tokens. When done, the list of found tokens will be posted to a Discord channel under the attacker’s control.

Functionality for stealing saved Discord tokens (Source: Bleeping Computer)

NitroHack didn’t limit its malicious activity to users of the Windows Discord client, however. The malware also attempted to connect to the “https://discordap[.]com/api/v6/users/@me/billing/payment-source” URL. It did this to steal web client users’ payment card information.

At that point, NitroHack stole a list of the victim’s contacts. It then sent them a link disguised as a Nitro Hack service link.

Users can verify whether they’ve suffered a NitroHack infection by opening the “%AppData%\Discord\0.0.306\modules\discord_voice\index.js” file with Notepad. The normal file should simply contain “module.exports = VoiceEngine;”. Anything else could be indicative of a malware infection.
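The manual check above can be scripted across the three clients the article names. This is an added example, not code from the article or from Discord; the Canary and PTB folder names, and the choice to flag any non-blank text after the export statement (how appended code would show up), are assumptions.

```python
import os
import tempfile
from pathlib import Path

EXPECTED = "module.exports = VoiceEngine;"  # statement the article says a clean file contains
# %AppData% folder names for the stable, Canary and PTB clients (assumed names).
CLIENT_DIRS = ("Discord", "discordcanary", "discordptb")


def appended_lines(index_js: Path) -> list[str]:
    """Return the non-blank lines found after the expected export statement.
    If the statement is not on a line of its own, every non-blank line is
    returned so the file is flagged for manual review."""
    text = index_js.read_text(encoding="utf-8", errors="replace")
    lines = [ln.strip() for ln in text.splitlines()]
    if EXPECTED not in lines:
        return [ln for ln in lines if ln]
    return [ln for ln in lines[lines.index(EXPECTED) + 1:] if ln]


def scan(appdata: Path) -> dict[str, list[str]]:
    """Map each modified discord_voice index.js under appdata to its extra lines."""
    findings = {}
    for client in CLIENT_DIRS:
        if not (appdata / client).is_dir():
            continue
        # The version folder (0.0.306 in the article) changes with updates: glob it.
        for path in sorted((appdata / client).glob("*/modules/discord_voice/index.js")):
            extra = appended_lines(path)
            if extra:
                findings[str(path)] = extra
    return findings


def demo() -> dict[str, list[str]]:
    """Scan a constructed %AppData% tree: one clean client, one with appended text."""
    clean = "const VoiceEngine = {};\n" + EXPECTED + "\n"
    samples = {"Discord": clean, "discordcanary": clean + "// constructed appended line\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for client, body in samples.items():
            folder = Path(tmp, client, "0.0.306", "modules", "discord_voice")
            folder.mkdir(parents=True)
            (folder / "index.js").write_text(body, encoding="utf-8")
        return {Path(p).relative_to(tmp).parts[0]: v for p, v in scan(Path(tmp)).items()}


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    print(scan(Path(appdata)) if appdata else demo())
```

A hit means the file needs review, not that NitroHack is confirmed; compare the flagged file against one from a fresh client install before acting on it.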

News of this newest malware threat comes less than a month after researchers found that an updated version of AnarchyGrabber had stolen victims’ plaintext passwords and infected victims’ friends on Discord.

The post “NitroHack Modifies Windows Discord Client into Infostealing Trojan” appeared first on TripWire

Source: TripWire – David Bisson
