Introduction

A new infostealer campaign has emerged [1] [4] [5], targeting gaming enthusiasts through unsolicited messages on platforms such as Discord [2], email [2], and text [2] [5] [6]. Cybercriminals are exploiting these channels to distribute malware disguised as game beta tests, posing significant risks to users’ sensitive information.

Description

Gaming enthusiasts are being cautioned against responding to unsolicited messages on platforms like Discord [5], email [2], and text [2] [5] [6], as a new infostealer campaign has been identified [5]. Cybercriminals are targeting victims by promoting fake beta tests for games [3], often sending direct messages from accounts posing as game developers [1]. If victims express interest [1] [3] [5], they receive a download link and a password for an installer that deceptively appears to contain a game. However, these installers [1] [3] [5] [7], typically hosted on credible platforms like Dropbox and Discord’s content delivery network (CDN) [3] [4] [5] [7], are actually designed to deliver information-stealing malware, including Nova Stealer [1] [2] [6], Ageo Stealer [1] [2] [3] [4] [6] [7], and Hexon Stealer [1] [2] [3] [4] [6] [7].

These malware strains are engineered to extract sensitive information [6], such as web browser credentials, session cookies from platforms like Discord and Steam [1] [3] [6] [7], cryptocurrency wallet details [1] [2] [4] [6] [7], and even two-factor authentication (2FA) backup codes. The campaign employs various types of malware, with Nova and Ageo Stealers operating as Malware-as-a-Service (MaaS) [7], allowing criminals to rent the malware and its infrastructure [7]. This lowers the entry barrier for cybercriminals [6], enabling sophisticated attacks without extensive technical skills [6]. Notably, Nova Stealer utilizes a Discord webhook to alert criminals of new data [1] [7], reducing the need for constant monitoring.
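The delivery and notification channels described above (installers fetched from Dropbox or Discord's CDN, then a Discord webhook call from the stealer) can be hunted for in web proxy or EDR network logs. The following is an added example, not code from any of the cited reports; the log format, file names, extension list and the `webhook_allowlist` parameter are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log (not campaign data): time host process method url
SAMPLE_LOG = """\
2025-01-10T10:01:02Z ws-014 chrome.exe GET https://cdn.discordapp.com/attachments/111/222/BetaTest_Setup.rar
2025-01-10T10:01:40Z ws-014 Discord.exe GET https://cdn.discordapp.com/attachments/111/333/screenshot.png
2025-01-10T10:03:15Z ws-014 BetaTest_Setup.exe POST https://discord.com/api/webhooks/123456789012345678/PLACEHOLDER_TOKEN
2025-01-10T10:05:00Z ws-020 Discord.exe POST https://discord.com/api/v9/channels/444/messages
2025-01-10T10:06:30Z ws-021 msedge.exe GET https://www.dropbox.com/scl/fi/abc/game_installer.zip?dl=1
"""

WEBHOOK_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/\d+/")
FILE_HOSTS = {"cdn.discordapp.com", "www.dropbox.com", "dl.dropboxusercontent.com"}
RISKY_EXT = (".rar", ".zip", ".7z", ".exe", ".msi")  # assumption: typical installer/archive types

def classify(method, url):
    """Return a finding name for one request, or None if it is not of interest."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()  # query string is excluded by urlsplit
    if method == "POST" and host in WEBHOOK_HOSTS and WEBHOOK_PATH.match(path):
        return "webhook_post"
    if method == "GET" and host in FILE_HOSTS and path.endswith(RISKY_EXT):
        return "archive_download"
    return None

def triage(log_text, webhook_allowlist=frozenset()):
    """Map each host to its findings as (time, process, finding) tuples."""
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        ts, host, proc, method, url = fields
        kind = classify(method.upper(), url)
        if kind and not (kind == "webhook_post" and proc.lower() in webhook_allowlist):
            findings.setdefault(host, []).append((ts, proc, kind))
    return findings

def likely_infected(findings):
    """Hosts where a risky download is later followed by a webhook POST."""
    hits = []
    for host, events in findings.items():
        kinds = [kind for _, _, kind in sorted(events)]  # ISO timestamps sort chronologically
        if "archive_download" in kinds and "webhook_post" in kinds[kinds.index("archive_download"):]:
            hits.append(host)
    return sorted(hits)
```

A download alone (as on `ws-021`) is only a lead; the download followed by a webhook POST from the same host is the stronger signal and the one `likely_infected` reports.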

The Hexon Stealer [1] [2] [3] [4] [6] [7], a newer variant based on the Stealit Stealer code [6], poses an advanced threat with its capability to exfiltrate high-value information [6], including Discord tokens [7], browser cookies [1] [3] [7], autofill data [1] [3] [7], saved passwords [1] [2] [3] [4] [5] [6] [7], credit card details [1] [7], and cryptocurrency wallet information [1] [2] [4] [7]. Its modular design suggests potential for further evolution [6], increasing future risks [6]. A primary target for these stealers is Discord credentials [3] [7], which can be exploited to compromise additional accounts and manipulate victims’ friends [3], enhancing the attackers’ credibility and facilitating further scams.

The campaign exploits the trust and curiosity inherent in Discord’s community-driven environment [6], making users more susceptible to these scams [6]. The use of compromised accounts enhances the credibility of the messages [6], complicating the detection of the scam [6]. Additionally, fake game websites and templated Blogspot pages are employed to host the malware [2], further deceiving potential victims. Users are advised to remain vigilant regarding their digital and fiat currency if they have been targeted by these scams [7]. To protect themselves [3] [4], it is essential that users adopt proactive security measures [6], including education on common scams [6], verification of message authenticity [6], and the use of Multi-Factor Authentication (MFA) [6]. Furthermore, keeping anti-malware protection updated and verifying requests from friends through alternative communication channels can enhance security.

Platforms like Discord also bear responsibility in addressing these threats by enhancing monitoring of compromised accounts [6], providing user education [6], and collaborating with cybersecurity firms to stay ahead of emerging risks [6]. This infostealer campaign serves as a critical reminder for online communities to remain vigilant and informed to protect against ongoing cyber threats [6].

Conclusion

The infostealer campaign targeting gaming enthusiasts underscores the persistent threat posed by cybercriminals exploiting trusted platforms. Users must adopt proactive security measures [6], such as verifying message authenticity and using Multi-Factor Authentication [6], to safeguard their information. Additionally, platforms like Discord should enhance their monitoring and user education efforts to mitigate these threats. As cyber threats continue to evolve, staying informed and vigilant remains crucial for protecting sensitive information.

References

[1] https://osintcorp.net/new-infostealer-campaign-uses-discord-videogame-lure/
[2] https://news.cloudsek.com/2025/01/game-over-cybercriminals-exploit-gamers-with-fake-beta-test-scams/
[3] https://www.heise.de/en/news/Malware-InfoStealer-comes-instead-of-game-test-10225902.html
[4] https://thecyberwire.com/podcasts/daily-podcast/2218/transcript
[5] https://www.infosecurity-magazine.com/news/infostealer-campaign-discord/
[6] https://undercodenews.com/beware-of-discord-scams-gaming-enthusiasts-targeted-by-sophisticated-infostealer-campaign/
[7] https://www.infostealers.com/article/can-you-try-a-game-i-made-fake-game-sites-lead-to-information-stealers/