RedTiger Infostealer Targets Discord Users via Fake Game Mods

Oct 27, 2025

Summary

Attribute

Details

Attack Type

Infostealer (RedTiger-based)

Target

Discord users (primarily in France)

Impact

Theft of authentication tokens, browser data, and crypto wallets

Attack Vector

Malicious game mods, Discord utilities, and executables

Data Exfiltration

Uploaded to GoFile via Discord webhooks

Detection Evasion

Anti-sandboxing, dummy process spawning

Recommended Action

Revoke tokens, reinstall Discord, scan for malware

Incident Overview

Hackers have weaponized the open-source RedTiger penetration testing tool into a potent infostealer that targets Discord users. The malware masquerades as game mods or Discord utilities and spreads through unverified download sites and Discord servers.

Once installed, the malicious binary scans systems for Discord tokens, browser credentials, and cryptocurrency wallets. It injects code into Discord’s core files to intercept user actions and exfiltrates stolen data to anonymous cloud services like GoFile, sending the link to attackers via Discord webhooks.

Technical Breakdown

  • Distribution: Fake game mods, cheats, and “boost” tools shared via Discord or forums.

  • Data Stolen: Discord tokens, passwords, browser cookies, crypto wallets, game accounts.

  • Evasion: RedTiger’s modified build spawns multiple fake processes to evade analysis.

  • Command & Control: Exfiltrated data sent through webhooks and cloud file-sharing links.

These attacks bypass traditional password protection — once a Discord token is stolen, it can grant full account access, even with MFA enabled.

Recommended Actions

For Users:

  • Revoke all Discord sessions and reset passwords immediately.

  • Reinstall Discord from official sources.

  • Clear browser-saved passwords and cookies.

  • Run a full malware scan.

  • Avoid downloading “mods” or “tools” from unofficial sources.

For Organizations:

  • Monitor outbound traffic to GoFile and other anonymized upload domains.

  • Deploy endpoint detection rules to flag unusual process creation.

  • Include “free tool traps” in cybersecurity awareness simulations.

ClearPhish Insight

The RedTiger Discord campaign highlights how legitimate tools can be turned into attack weapons through human trust exploitation.
At ClearPhish, we simulate similar “Free Tool Trap” scenarios in our awareness programs—demonstrating how a single careless download can lead to a full-scale compromise.

By blending cinematic storytelling and micro-simulations, organizations can train users to pause before downloading anything that looks “helpful” but comes from unverified sources.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Jul 6, 2026

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Jun 26, 2026

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Jun 23, 2026

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Jun 17, 2026

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Jun 10, 2026

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

Jun 3, 2026

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.