Hackers are now using the popular chat app Discord to find potential victims and infect their computers with a dangerous, info-stealing malware.
According to a new blog post from the cybersecurity firm Trend Micro, hackers are now abusing Discord’s content delivery network (CDN) to host and spread the Lumma Stealer malware. At the same time, they’re also using the chat app’s API to create bots capable of communicating and remotely controlling the malware.
First detected back in August of last year, Lumma Stealer is a malware written in the C programming language which steals usernames and passwords along with other sensitive data from an infected PC. It’s currently being rented out to other hackers by its creators as a Malware-as-a-Service offering for just $250 per month. However, with Lumma Stealer’s highest paid plan, hackers get access to the malware’s source code and can even modify it to better suit their attacks.
While Lumma Stealer was previously used to target YouTube users through spear-phishing emails, Trend Micro’s security researchers have observed a new campaign that uses this malware strain to go after Discord users.
Whether you use Discord when playing games with friends on one of the best gaming PCs or you have kids at home that often use this popular chat app with their friends, this new Lumma Stealer campaign isn’t something you want to ignore, as falling victim to it could let hackers take over all your online accounts after stealing those passwords.
Targeting users via Discord
To avoid being detected, the hackers behind this campaign typically use random Discord accounts to send a direct message to potential victims. However, compromised Discord accounts are also used to do this, which means that a message from one of your friends could be from a hacker instead.
Regardless of which type of Discord account is used to contact you though, the message sent by the hackers behind this campaign remains the same. Basically, they reach out to potential victims seeking help with a project under the guise of getting you to test it. For your time, you’ll be paid $10 through PayPal or sent a Discord Nitro Boost which lets you buy special perks and features for specific servers.
As it only takes four to five minutes to test the project and leave a review according to the hackers, it’s likely that younger gamers might fall for this scam. Before the testing can begin, though, the hackers send over a malicious link which downloads an installation file that contains the Lumma Stealer malware.
Once executed, the malware tries to steal funds from crypto wallets as well as sensitive data like usernames and passwords stored in a victim’s browser. With your credentials in hand, the hackers behind this new Lumma Stealer campaign can take over your accounts, commit fraud or potentially even steal your identity.
How to stay safe from malware
Regarding this particular Lumma Stealer campaign, Trend Micro recommends that all Discord users should exercise caution when it comes to unexpected or unsolicited direct messages from unknown senders.
Just like with your email, you should avoid opening any links or downloading any attachments from unknown senders that arrive in Discord’s message center. However, you’ll also want to be careful when opening links that appear in a public Discord server, as they could take you to phishing sites or other dangerous websites.
To keep your PC protected from malware and other online threats, you’re going to want to use the best antivirus software. If you’re on a tight budget though, Windows Defender is a free antivirus from Microsoft that comes pre-installed on all Windows PCs.
As with Facebook and other popular online services, hackers will likely continue to abuse Discord and its features in their attacks. This is why you need to remain vigilant online and avoid clicking on suspicious links and downloading files from people you don’t know personally.
More from Tom’s Guide