A new piece of malware targeting the Windows Discord client is going around, posing as a hack that gets you the premium Discord Nitro service without paying. In reality, it steals the user's credit card information and the tokens saved in several browsers, and is then distributed to others.
Because a platform such as Discord allows the JavaScript files used by the client to be altered easily, several individuals abuse this to make the client perform malicious acts.
The newly discovered malware is called “NitroHack,” and it turns the Windows Discord client into an information-stealing trojan.
The attackers tell their targets to download a file to get the freebie. As soon as the person downloads and launches the file, they are infected with NitroHack. The file alters the “%AppData%\Discord\0.0.306\modules\discord_voice\index.js” file by adding malicious code to the end of it. NitroHack will also try to modify the same JavaScript file in the Discord Public Test Build and Discord Canary clients.
Once the client is altered, the malware sends the victim's user tokens to the attacker's Discord channel each time the Discord client is started. To get the tokens, NitroHack copies the databases of browsers and clients such as Firefox, Opera, Chrome, Chromium, Brave, Discord, Yandex Browser, and some more.
The malicious activity wasn’t limited to people who use the Windows Discord client alone; it also affected users who signed in via the web.
To acquire users’ debit/credit card information, the malware connects to “https://discordapp.com/api/v6/users/@me/billing/payment-source” and steals the payment information saved there.
If you suspect this malware has infected your Discord client, you can verify it by opening “%AppData%\Discord\0.0.306\modules\discord_voice\index.js” with Notepad and making sure there are no alterations at the bottom of the file.
A file that hasn’t been modified will end with this line:
module.exports = VoiceEngine;
If there’s anything else after this line in your client, there’s a high chance that it has been infected, unless you made the modifications yourself.
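The manual check above can be scripted. The following Python sketch is an added example, not code from the original article or from Discord; it generalizes the check to every version folder rather than only 0.0.306, and the PTB and Canary folder names (discordptb, discordcanary) and their matching layout are assumptions.

```python
import os
import tempfile
from pathlib import Path

EXPECTED_LAST_LINE = "module.exports = VoiceEngine;"
# Assumption: the PTB and Canary clients use these folder names under %AppData%
# and the same modules\discord_voice\index.js layout as the stable client.
CLIENT_DIRS = ("Discord", "discordptb", "discordcanary")


def trailing_code(text):
    """Return the text after the FIRST export line ('' if none), or None if the line is absent."""
    idx = text.find(EXPECTED_LAST_LINE)
    if idx == -1:
        return None
    return text[idx + len(EXPECTED_LAST_LINE):].strip()


def check_file(path):
    """Classify one index.js as 'clean' or 'suspicious: <reason>'."""
    tail = trailing_code(Path(path).read_text(encoding="utf-8", errors="replace"))
    if tail is None:
        return "suspicious: expected final line is missing"
    if tail:
        return f"suspicious: {len(tail)} characters follow the export line"
    return "clean"


def scan(appdata):
    """Check discord_voice/index.js in every version folder of every client found."""
    results = {}
    for client in CLIENT_DIRS:
        base = Path(appdata, client)
        if base.is_dir():
            for js in base.glob("*/modules/discord_voice/index.js"):
                results[str(js)] = check_file(js)
    return results


if __name__ == "__main__":
    root = os.environ.get("APPDATA")
    if not root:  # not on Windows: scan a constructed sample tree instead
        root = tempfile.mkdtemp()
        sample = Path(root, "Discord", "0.0.306", "modules", "discord_voice")
        sample.mkdir(parents=True)
        (sample / "index.js").write_text(
            "// constructed sample\n" + EXPECTED_LAST_LINE + "\n// appended lines\n")
    for path, verdict in scan(root).items():
        print(f"{verdict:55} {path}")
```

Matching on the first occurrence of the export line means a file is still flagged when appended code ends by repeating that line.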