Free Discord Nitro Offer Used to Steal Steam Credentials

A fake Steam pop-up prompts users to ‘link’ Discord account for free Nitro subs.

There’s a new scam making the rounds on Discord, through which cybercriminals can harvest Steam account information and make off with any value it contains.

Gamer-aimed Discord scams are just about everywhere. But researchers flagged a new approach as noteworthy because it crosses over between Discord and the Steam gaming platform, with crooks offering a purported free subscription to Nitro (a Discord add-on that enables avatars, custom emoji, profile badges, bigger uploads, server boosts and so on) in exchange for “linking” the two accounts.

Researchers at Malwarebytes Labs released a report detailing the new Discord Nitro tactic, explaining that the target is first served a malicious direct message on Discord with the fake offer:

Source: Malwarebytes Labs.

“Just link your Steam account and enjoy,” the message says, and it includes a link purportedly to do just that. The malicious link takes users to a spoofed Discord page with a button that reads, “Get Nitro.”


There are several malicious domains associated with the spoofed page, analysts noted:

  • 1nitro.club
  • appnitro-discord.com
  • asstralissteam.org.ru
  • discord-steam-promo.com
  • discordgifte.com
  • dicsord-ticket.com
  • discord-appnitro.com
  • ds-nitro.com
  • nitro-discordapp.com
  • nitrodsgiveways.com
  • steam-nitro.online
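Every domain in that list leans on a brand keyword (“discord”, “steam”, “nitro”) or a near-miss of one (“dicsord”). The following is an added example, not code from the Malwarebytes report: a small triage heuristic a SOC could run over newly observed hostnames from proxy logs, passive DNS or URLs pasted into chat. It flags a hostname when any label contains a brand keyword, or sits within one edit (including an adjacent-letter swap) of one, unless the host is on a small allowlist of legitimate Discord and Steam domains. The allowlist and the benign hostnames in the sample are assumptions for the illustration; the suspicious hostnames are the ones listed in the article.

```python
"""Lookalike-domain triage for Discord/Steam phishing hostnames.

Added example (not the Malwarebytes report's code). The brand keywords come
from the domain list in the article; LEGIT is an assumed allowlist you would
extend for your own environment.
"""

BRANDS = ("discord", "steam", "nitro")

# Assumed allowlist of legitimate registrable domains (and their subdomains).
LEGIT = {
    "discord.com",
    "discordapp.com",
    "discord.gg",
    "steampowered.com",
    "steamcommunity.com",
}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein edits plus one-step
    adjacent transpositions, so 'dicsord' is 1 away from 'discord'."""
    m, n = len(a), len(b)
    d = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m + 1):
        d[i][0] = i
    for j in range(n + 1):
        d[0][j] = j
    for i in range(1, m + 1):
        for j in range(1, n + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[m][n]


def classify(host: str):
    """Return (brand, reason) when the host looks like a brand impersonation,
    or None when it is allowlisted or carries no brand signal."""
    host = host.strip().lower().rstrip(".")
    if host in LEGIT or any(host.endswith("." + d) for d in LEGIT):
        return None
    for label in host.split("."):
        # Split on hyphens so 'discord-steam-promo' yields each word separately.
        for part in label.split("-"):
            for brand in BRANDS:
                if brand in part:
                    return (brand, "contains")
                # Near-miss: one edit away and roughly the same length, which
                # catches transpositions and single typos but not short TLDs.
                if len(part) >= len(brand) - 1 and osa_distance(part, brand) <= 1:
                    return (brand, "near-miss")
    return None


def triage(hosts):
    """Map each flagged host to its (brand, reason); clean hosts are omitted."""
    return {h: verdict for h in hosts if (verdict := classify(h)) is not None}


# Constructed sample: the article's eleven domains plus three assumed benign ones.
SAMPLE_HOSTS = [
    "1nitro.club", "appnitro-discord.com", "asstralissteam.org.ru",
    "discord-steam-promo.com", "discordgifte.com", "dicsord-ticket.com",
    "discord-appnitro.com", "ds-nitro.com", "nitro-discordapp.com",
    "nitrodsgiveways.com", "steam-nitro.online",
    "store.steampowered.com", "discord.com", "example.com",
]

if __name__ == "__main__":
    for host, (brand, reason) in triage(SAMPLE_HOSTS).items():
        print(f"{host:28} {reason:10} ({brand})")
```

The heuristic is deliberately coarse and meant for triage rather than blocking: a word such as “stream” is one edit from “steam” and will be reported as a near-miss, so a reviewed allowlist matters as much as the matching rule.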

The button initiates a fake pop-up window that appears to send targets off to Steam — but in fact, it keeps them on the same malicious page.

Fake Pop-Up Ads

As Malwarebytes Labs explained in the report, once a victim clicks the button the site appears to open a Steam login pop-up, but the pop-up is still part of the same malicious site, drawn inside the page rather than opened as a separate browser window. The gambit is intended to fool users into thinking they have been taken to the Steam platform to enter their login credentials, supposedly to fulfil the request to “link” the Steam account with Discord for the free Nitro subscription. A genuine Steam sign-in page is served from steamcommunity.com and shows that address in the browser’s own address bar; an overlay rendered inside the scam page cannot.

“When Discord users key in their Steam credentials in the fake pop-up, it will show them the error message saying, ‘The account name or password that you have entered is incorrect,’” the report said. “Behind the scenes, though, their Steam credentials have already been stored into the scam website.”

Source: Malwarebytes.

Stolen gamer accounts can fetch around $14 per 1,000 accounts in underground criminal forums, according to a September report from Kaspersky, so it’s no wonder that they’ve become common targets for phishing, malware and more.

Gaming Security Woes

Attacks on the gaming industry skyrocketed during the first year of the pandemic, with attacks on web applications shooting up 340 percent in 2020, according to Akamai.

Discord, which is popular for hosting gaming servers, has been grappling with a malware problem for many months. A report from Sophos last summer showed malware on Discord was up 140 percent over 2020.

Steam has been abused in the past as well. Accounts and in-game payment information were recently targeted by a trojan called BloodyStealer; and last summer, a bug in Steam’s code let gamers trick the platform’s Smart2Pay system into filling their digital wallets with unlimited funds. It’s also been used as a malware host in a campaign called “SteamHide.”

And, fake “Among Us” and Steam offerings are circulating on TikTok, with the goal of spreading malware.

As cybercriminals continue to prey on gamers with new attacks, Malwarebytes Labs’ latest report implored players to stay aware of threats, adding the simple, yet effective, advice: “Please don’t just click links that come out of the blue.”


Discussion

  • Hell on

    They found this JUST NOW? I have a friend who is spamming me every couple of hours with links; this is an automated virus that sends messages with links. I've even reported about 20 different URLs to Google.
  • Lmao no on

    This isn't anything new but nice amount of ads on the page.
  • Red_Will on

    The thing that annoys me is this moron scammer has his actual name and email on the WHOIS form and yet no one's done anything about it.
  • Spicy on

    Well, happened to me too. Someone on a private Discord server shared a link to a site where free Nitro should be given. Lost my account, but Steam support was there to help me; not the first time something like this happened.
  • robvogs on

    Yeah, today I got someone DMing me about this "real" free Discord Nitro link. To find out if this is real, you must go to the Steam website or store, because that is where all announcements are posted. There is a new link, which I will give to you. Do not go to the website that I am going to give you [external link removed]
  • Anonymous on

    ok
  • selena on

    Stupid me believed and did what the website said. I'm scared it will now reach my other accounts. What do I do?
  • thorulrta on

    How do I reach Steam support and recover it? Help me out here.
  • Alex Schwart on

    When they changed your info, your original email will have emails for each change; click the recovery link there. They will have changed everything, so it will still have to go to support. Sadly, the automated recovery still requires email or password for some reason.
  • wanker jeff goodfrey on

    You are basically fucked, so create a new account or do coding stuff.
