A report by Sekoia.io has shed light on a targeted campaign against the gaming community that leverages Discord channels and fake download sites to distribute information-stealing malware. The incident came to light after the cloud gaming company Shadow warned its users that their data was compromised.
More in detail
As part of the attack, the attackers compromise the accounts of French gaming influencers to send messages offering exclusive access to a seemingly genuine game.
These promotional messages were sent via a Discord channel or as a personal message.
Each message contained a link that led either directly to a malicious file download or to a fake website.
Some of these fake websites triggered connections to ipinfo[.]io that gathered the IP addresses of victims.
Once the victim clicks the ‘download’ button, the information-stealing malware is downloaded, delivered inside a password-protected RAR archive, a ZIP file, or as a bare executable.
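The chain described above (a fake site fingerprinting the visitor via ipinfo[.]io, followed shortly by an archive or executable download) is something a SOC can look for in web-proxy telemetry. The script below is an added example, not code from the Sekoia report: it correlates, per client, a geolocation lookup with a subsequent payload download from a host outside a hypothetical allow list. The log format, the `TRUSTED_DOWNLOAD_HOSTS` list, the 120-second window and the sample log lines are all constructed for this example.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log lines: "<timestamp> <client IP> <method> <URL> <status>".
# Invented for this example; they are not indicators from the report.
SAMPLE_LOGS = [
    "2024-01-15T10:00:01Z 10.0.0.5 GET https://ipinfo.io/json 200",
    "2024-01-15T10:00:09Z 10.0.0.5 GET https://game-beta-example.test/download/GameBeta.rar 200",
    "2024-01-15T10:03:00Z 10.0.0.7 GET https://ipinfo.io/json 200",
    # Same pattern, but the download comes 17 minutes later (outside the default window).
    "2024-01-15T10:20:00Z 10.0.0.7 GET https://cdn.example.test/installer.exe 200",
    # Archive download from an allow-listed host with no preceding lookup: benign.
    "2024-01-15T10:05:00Z 10.0.0.9 GET https://store.example-official.test/patch.zip 200",
]

GEOIP_HOSTS = {"ipinfo.io"}                       # fingerprinting service named in the report
PAYLOAD_SUFFIXES = (".rar", ".zip", ".exe")       # delivery formats named in the report
TRUSTED_DOWNLOAD_HOSTS = {"store.example-official.test"}  # hypothetical allow list
DEFAULT_WINDOW = timedelta(seconds=120)           # assumed correlation window


def parse_line(line):
    """Split one constructed log line into a dict with a parsed timestamp and URL parts."""
    ts, client, method, url, status = line.split()
    parsed = urlparse(url)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "client": client,
        "method": method,
        "url": url,
        "host": parsed.hostname or "",
        "path": parsed.path.lower(),
        "status": int(status),
    }


def correlate(lines, window=DEFAULT_WINDOW):
    """Return (client, url) pairs where a payload download from a non-trusted host
    follows a geolocation lookup by the same client within `window`."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    last_lookup = {}   # client IP -> time of its most recent geolocation lookup
    alerts = []
    for ev in events:
        if ev["host"] in GEOIP_HOSTS:
            last_lookup[ev["client"]] = ev["ts"]
            continue
        if ev["path"].endswith(PAYLOAD_SUFFIXES) and ev["host"] not in TRUSTED_DOWNLOAD_HOSTS:
            seen = last_lookup.get(ev["client"])
            if seen is not None and ev["ts"] - seen <= window:
                alerts.append((ev["client"], ev["url"]))
    return alerts


if __name__ == "__main__":
    for client, url in correlate(SAMPLE_LOGS):
        print(f"ALERT {client}: geolocation lookup followed by payload download {url}")
```

The lookup-then-download sequence is only a weak signal on its own (legitimate sites also call geolocation APIs), so in practice the allow list and the window would be tuned against real traffic, and an alert would be enriched with the archive's hash and the referring Discord link before escalation.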
Multiple info-stealers involved
Sekoia researchers found multiple information stealer families, such as BBy Stealer, Nova Sentinel, Doenerium, and Epsilon Stealer, during the investigation.
While BBy Stealer and Nova Sentinel are still under analysis, researchers found that Doenerium and Epsilon Stealer are available on GitHub and Telegram, respectively.
Doenerium is designed to steal the user's Discord information, grab crypto wallets, pilfer sensitive data from browsers, and capture screenshots.
Meanwhile, Epsilon Stealer is advertised on Telegram by a couple of French-speaking users.
Conclusion
Gamers have long been a target for malware, and such campaigns are now more frequent than ever. To counter similar threats, online gamers are urged to download software exclusively from official and trustworthy websites. Moreover, users should be cautious about enticing offers, fake notifications, or messages designed to lure them into downloading harmful files.