Hackers Unleash Sinister RedTiger Tool To Hijack Discord Accounts And Infect Gaming PCs

Just weeks after a breach led to the theft of sensitive user data that included government issued IDs, Discord users have a new cybersecurity issue to worry about. Security researchers at Netskope have spotted hackers repurposing an open source tool used by security professionals, called RedTiger, to develop an infostealer to target unsuspecting gamers.

The RedTiger infostealer works by modifying the Discord client’s files with custom JavaScript. This enables the malware to intercept traffic to and from the application, exfiltrate valuable data such as Discord account information including payment details, and cryptocurrency wallet data.

Additionally, hackers are able to leverage its ability to intercept traffic in a devious way. It’s possible to track when a user changes their email or password, steal that new login information alongside app tokens, and restrain access to that account. All while a victim believes they’ve taken the steps necessary to secure their account.


If that wasn’t bad enough, the malware has other capabilities that go beyond data theft. One of its features is the ability to take snapshots of a victim’s desktop and, if available, can take a picture of a victim with their webcam. This opens up the possibility for a victim to be blackmailed on top of having their information stolen.

Another feature that makes this malware so potent is the capability to persist on a victim’s device. For now, this only works on Windows based computers, by adding itself to the list of startup items. However, similar functionality is partially in place for systems running Linux and macOS, and will likely be ready sooner rather than later.

As always, users are one of the most important lines of defense in attacks such as this one. Discord users should take extra precaution when clicking links others post in server channels, or when receiving messages from unknown senders.