On Windows Discord Client, there's a new malware going around, which acts like a hack that helps you get the premium Discord Nitro service without paying. However, it is used for stealing the user credit card info, tokens saved in several browsers, and then distributed to others.
With the presence of a platform such as Discord, which gives users the chance to alter the JavaScript files used by the client quickly, several individuals mostly abuse the opportunity to lure the client to do malicious acts.
The newly discovered Malware is called the “NitroHack,” which modifies the Windows Discord client into a trojan for stealing info.
They tell their targets to download a file to get the freebie, as soon as the person downloads and launches the file; he gets automatically infected with the NitroHack. The file will alter the “%AppData%\\Discord\0.0.306\modules\discord_voice\index.js” file, then add malicious code to the end. Nitrojack will also try to modify the same Javascript file in the Discord Public Test Build and Discord Canary clients.
When the client is altered, the Malware will start sending the user tokens of the victim to the Discord channel of the attacker each time they start the Discord client. To get the tokens, the NitroHack will copy the databases of browsers such as Firefox, Opera, Chrome, Chromium, Brave, Discord, Yandex Browser, and some more.
The Malicious act wasn't limited to people who use the Windows Discord client alone, as it also performed this malicious act to users who signed in via the web.
To acquire users' debit/credit card information, the malware will connect to the “https://discordapp.com/api/v6/users/@me/billing/payment-source” and then steal the payment info saved there.
If you feel this Malware has infected your discord client, you can verify by opening the “%AppData%\\Discord\0.0.306\modules\discord_voice\index.js” with notepad, then ensuring that there aren't any alterations at the bottom of the file.
A file that hasn't been modified will end with this line:
module.exports = VoiceEngine;
If there's anything else after this in your client, there's a high tendency that it has been infected, except you made the modifications yourself.
RELATED POSTS
- Best Antivirus Reddit Users Recommended 2024
- Is Incogni Worth It? [Unbiased Answer]
- Best VPN Reddit Users Recommended For Ultimate Online Security
About the Author:
Amaya Paucek is a professional with an MBA and practical experience in SEO and digital marketing. She is based in Philippines and specializes in helping businesses achieve their goals using her digital marketing skills. She is a keen observer of the ever-evolving digital landscape and looks forward to making a mark in the digital space.
