
"A new type of malware called RedTiger has been popping up more and more in recent months. While the tool was originally intended for security testing and red teaming, it is now being actively exploited by cybercriminals to attack gamers and Discord users. The open-source tool, developed in Python and released in 2024, includes modules for network research, phishing, OSINT, and data collection."
"According to an analysis by Netskope Threat Labs, RedTiger is primarily focused on stealing Discord accounts. The malware injects custom JavaScript code into the Discord client to intercept account information, payment details, and tokens. Even if a victim changes their password or email address, the malware can continue to collect new login credentials using this method. In addition, RedTiger collects browser data such as stored passwords, cookies, credit card information, and browsing history."
"The exfiltration of stolen data takes place in two phases. First, all collected files are compressed and uploaded to GoFile, a free cloud storage service that does not require an account. RedTiger then sends the download link and the victim's system information to the attacker via a Discord webhook. The malware also has various mechanisms to avoid detection, such as terminating processes on virtual machines or test environments."
RedTiger is an open-source Python tool released in 2024 with modules for network research, phishing, OSINT, and data collection. Its built-in infostealer is being abused to harvest Discord credentials, payment details, browser-stored passwords, cookies, credit card data, crypto wallets, and game accounts including Roblox. The malware injects custom JavaScript into the Discord client to intercept account information and tokens, so it keeps capturing fresh credentials even after the victim changes their password or email address. Collected files are compressed and uploaded to GoFile, and the download link plus the victim's system information are sent to the attacker via a Discord webhook. Evasion techniques include terminating processes when it runs on a virtual machine or in a test environment, modifying the hosts file to block security sites, spawning hundreds of processes, and creating many random files to complicate forensic analysis.
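Two of the behaviours above leave host- and network-side traces a defender can hunt for: the hosts-file entries that sink-hole security sites, and the two-phase exfiltration (upload to GoFile, then a Discord webhook POST carrying the link). The script below is an added example, not RedTiger's code and not Netskope's detection logic. The list of security domains, the proxy log format (`<ISO timestamp> <client> <method> <url>`), the ten-minute correlation window, and the sample hosts file and log lines are all constructed assumptions for illustration.

```python
"""Hunt for hosts-file sink-holing of security sites and for the
GoFile-upload -> Discord-webhook exfiltration chain described above.
Added example with assumed domains/log format; not the malware's code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: a few vendor/sandbox domains a stealer might block via the hosts file.
SECURITY_DOMAINS = {"virustotal.com", "any.run", "hybrid-analysis.com", "malwarebytes.com"}
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}


def find_hosts_tampering(hosts_text):
    """Return (ip, hostname) pairs that map a security domain (or a subdomain
    of one) to a sink-hole address. Comments and blank lines are ignored."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        if ip not in SINKHOLE_IPS:
            continue
        for name in names:
            n = name.lower().rstrip(".")
            if any(n == d or n.endswith("." + d) for d in SECURITY_DOMAINS):
                hits.append((ip, n))
    return hits


# Assumption: proxy log lines look like "<ISO timestamp> <client> <method> <url>".
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+)$")
GOFILE_RE = re.compile(r"^https://[\w.-]*gofile\.io/", re.I)
WEBHOOK_RE = re.compile(r"^https://(?:[\w.-]*\.)?discord(?:app)?\.com/api/webhooks/", re.I)


def find_exfil_chains(log_lines, window=timedelta(minutes=10)):
    """Return (client, timestamp) for every Discord webhook POST that follows a
    GoFile upload from the same client within `window`. A webhook POST with no
    prior upload is ordinary Discord integration traffic and is not flagged."""
    uploads = defaultdict(list)  # client -> timestamps of GoFile uploads
    chains = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts = datetime.fromisoformat(m.group(1))
        client, method, url = m.group(2), m.group(3), m.group(4)
        if method in ("POST", "PUT") and GOFILE_RE.match(url):
            uploads[client].append(ts)
        elif method == "POST" and WEBHOOK_RE.match(url):
            if any(timedelta(0) <= ts - u <= window for u in uploads[client]):
                chains.append((client, ts.isoformat()))
    return chains


# Constructed sample inputs (not real telemetry).
SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1 localhost
0.0.0.0 www.virustotal.com   # entry added by the stealer
0.0.0.0 any.run
192.168.1.5 nas.local
"""

SAMPLE_LOG = [
    "2025-10-20T14:02:11 10.0.0.7 GET https://discord.com/api/v9/users/@me",
    "2025-10-20T14:05:40 10.0.0.7 POST https://store1.gofile.io/uploadFile",
    "2025-10-20T14:05:58 10.0.0.7 POST https://discord.com/api/webhooks/123/abc",
    "2025-10-20T14:06:30 10.0.0.9 POST https://discord.com/api/webhooks/456/def",  # no upload first
    "2025-10-20T15:30:00 10.0.0.7 POST https://discord.com/api/webhooks/123/abc",  # outside window
]

if __name__ == "__main__":
    for ip, host in find_hosts_tampering(SAMPLE_HOSTS):
        print(f"hosts file sink-holes {host} -> {ip}")
    for client, when in find_exfil_chains(SAMPLE_LOG):
        print(f"{client}: GoFile upload followed by Discord webhook POST at {when}")
```

Run it as a script to see both findings printed. The webhook check deliberately requires a preceding GoFile upload from the same client: Discord webhooks are widely used by legitimate bots, so correlating the two phases is what keeps the false-positive rate low. On a real host, read the actual hosts file (`/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`) and feed proxy or EDR network logs in whatever format your stack emits, adjusting `LOG_RE` accordingly.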
Read at Techzine Global