RedTiger infostealer abuse targeting French Discord account holders

Malware Activity

First reported

26.10.2025 16:26

Last updated

26.10.2025 16:26

Happening score

H score 21

1 unique sources, 1 articles

Summary

Hide ▲

Threat actors are abusing RedTiger as an infostealer to steal Discord account data and payment information, putting French Discord account holders at immediate risk. The malware also harvests browser credentials, crypto wallet data, and game accounts, expanding the theft beyond Discord. It can inject JavaScript into Discord's `index.js`, capture login attempts and purchases, and exfiltrate the loot through GoFile and a Discord webhook.

Related Happenings

Discord defaults voice and video calls to end-to-end encryption

Security Tool/Service

First: 19.05.2026 23:37 Last: 19.05.2026 23:37 Sources 1

About this happening: **Discord** has made **end-to-end encryption (E2EE)** the default for **voice and video calls**, strengthening privacy across a widely used communications platform. The rollout wa...

Open Happening

Timeline

26.10.2025 16:26 1 articles · 7mo ago

RedTiger infostealer abuse targeting French Discord account holders

Initial Disclosure
Threat actors are abusing RedTiger's info-stealer component to target French Discord account holders, collecting Discord account data, browser credentials, payment information, browser cookies and passwords, cryptocurrency wallet files, game files, and Roblox data. The malware is compiled with PyInstaller into standalone binaries, injects custom JavaScript into Discord's index.js to intercept API calls and capture login attempts, purchases, and password changes, and exfiltrates archives through GoFile and a Discord webhook while using anti-sandbox checks and debugger detection to hinder analysis.
Show sources

Hackers steal Discord accounts with RedTiger-based infostealer — www.bleepingcomputer.com — 26.10.2025 16:26
Open in new tab