Beware: Free Discord Nitro phishing targets Steam gamers
A new Steam phishing scam promoted via Discord messages promises a free Nitro subscription if a user links their Steam account, which the hackers then use to steal game items or promote other scams.
The phishing scam is being conducted by many Discord accounts controlled by the threat actors or as automated bots that send other users links to what is supposedly a guide on how to receive Discord Nitro for free.
“See, here free nitro 1 month, just link your Steam account and enjoy,” reads the phishing message sent to Discord users.
While this sounds like a promotional campaign (other than the grammar), the links take victims to a phishing site that the attackers made to look like a legitimate Discord page promoting the Nitro feature.
After clicking on the “Get Nitro” button, a fake Steam login form is displayed, which looks almost identical to the legitimate form. 
In reality, the pop-up is a new window opened right on the phishing page, so whatever Steam credentials are entered are sent directly to the hacker’s server.
When attempting to log in, victims are shown an error saying, “The account name or password that you have entered is incorrect,” and are prompted to log in again.
This double-verification method ensures that no typing errors were made during the phishing process and that the stolen credentials are correct.
Discord Nitro is a paid membership plan on the popular VoIP and instant messaging platform, which comes with a set of highly sought-after account customization, content uploading, and server boost perks.
Such is the popularity of Nitro that we’ve seen malware strains distributed using the same bait and even ransomware gangs asking for Nitro gift codes in return for a working decryptor.
The latest scam analyzed by Malwarebytes is very similar to the one seen by BleepingComputer in the summer of 2019. However, with that scam, threat actors used a “free game” as bait to serve victims with a fake Steam single sign-on page.
As these landing URLs get reported and blacklisted, actors register new ones and move their malicious operations to new infrastructure, as shown by a list shared by Malwarebytes.
Similarly, phishing lures change constantly, with new ones that entice gamers with the promise of something free.
With that said, when using Discord, users should be suspicious of any message claiming to offer something for free if they click on a URL.
Nothing is offered for free outside the platforms themselves, so if Steam and Discord ran a promotional campaign together, you would see it on the respective official apps or websites.
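The advice above can be turned into a moderation check. The following is an added example, not code from BleepingComputer, Malwarebytes, Discord or Steam: it flags a message that pairs the lure wording quoted in the article with a link whose host is not an official Discord or Steam domain. The allow-list, the two-term threshold and the `.example` sample hosts are assumptions made for this sketch.

```javascript
// Added example. Assumption: allow-list of official domains, maintained by the deployer.
const OFFICIAL_DOMAINS = [
  "discord.com", "discord.gg", "discordapp.com",
  "steampowered.com", "steamcommunity.com",
];
// Lure terms taken from the phishing message quoted in the article.
const LURE_RE = /\b(free|nitro|steam)\b/gi;
const URL_RE = /https?:\/\/[^\s<>"']+/gi;

// True only for an official domain or a subdomain of one. The dot boundary
// rejects look-alikes that merely end with, or start with, an official name.
function hostIsOfficial(host) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return OFFICIAL_DOMAINS.some((d) => h === d || h.endsWith("." + d));
}

// Parse links with the WHATWG URL parser so "official.com@other-host" style
// userinfo prefixes resolve to the host the browser would really contact.
function extractUrls(text) {
  const urls = [];
  for (const m of text.matchAll(URL_RE)) {
    try { urls.push(new URL(m[0])); } catch { /* skip unparsable links */ }
  }
  return urls;
}

// Suspicious = at least two lure terms in the prose AND at least one link
// that leaves the official domains.
function assessMessage(text) {
  const prose = text.replace(URL_RE, " "); // score the wording, not the link
  const hits = (prose.match(LURE_RE) || []).map((w) => w.toLowerCase());
  const lureTerms = [...new Set(hits)].sort();
  const untrustedHosts = extractUrls(text)
    .map((u) => u.hostname)
    .filter((h) => !hostIsOfficial(h));
  const suspicious = lureTerms.length >= 2 && untrustedHosts.length > 0;
  return { suspicious, lureTerms, untrustedHosts };
}

// Constructed sample messages; the hosts use the reserved .example TLD.
const SAMPLE_MESSAGES = [
  "See, here free nitro 1 month, just link your Steam account and enjoy https://discord.com.nitro-gift.example/steam",
  "free nitro https://discord.com@nitro-claim.example/",
  "Steam sale is live, free weekend on https://store.steampowered.com/",
];
for (const msg of SAMPLE_MESSAGES) {
  console.log(assessMessage(msg).suspicious, "-", msg);
}
```

A hit is a reason to hold the message for review, not proof of phishing, and the keyword list needs updating as the lures change.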