Gamers face a growing threat from cybercriminals exploiting popular gaming and communication platforms.
A dangerous infostealer called RedTiger is now actively circulating in the wild, specifically designed to steal Discord credentials, gaming accounts, and sensitive financial information from unsuspecting players worldwide.
Security researchers have identified multiple variants of the malware already targeting victims, with evidence suggesting attackers are focusing on French-speaking gaming communities.
Understanding RedTiger
RedTiger started as a red-teaming toolkit released publicly in 2024. Red-teaming tools are built for authorized security professionals to test and evaluate an organization's defenses.
However, as with many powerful dual-use tools before it, attackers have turned RedTiger's capabilities to malicious ends.
The toolkit bundles phishing kits, network scanning utilities and, crucially, an infostealer component, and it is that component cybercriminals are now deploying against everyday gamers.
The infostealer portion of RedTiger has proven particularly effective at harvesting valuable personal data.
It specifically targets Discord accounts by injecting malicious code directly into the installed Discord client application, rather than merely reading credential files from disk.
Beyond Discord, the malware collects browser-saved passwords, payment card information, cryptocurrency wallet credentials, and gaming account details like Roblox login information.
The tool can even secretly record victims through their webcams, adding another layer of privacy violation.
RedTiger uses a two-stage exfiltration process so that the attacker never has to expose infrastructure of their own. First, the malware compresses all stolen information and uploads it to GoFile, a cloud storage service that accepts anonymous uploads without an account.
GoFile returns a download link, and the malware posts that link to a Discord webhook controlled by the attacker.
Because both endpoints are legitimate public services, no attacker-owned server appears in the victim's network traffic, the requests blend in with ordinary web activity, and the attacker still reliably receives the stolen data.
Alongside the link, the malware sends victim details such as the public IP address, geographic location and computer hostname so attackers can identify and organize their haul.
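The GoFile-then-webhook sequence described above is something defenders can hunt for in web-proxy logs, since neither request looks suspicious on its own. The following is an added example written for this article, not code from the article or from the RedTiger project. It assumes a constructed proxy log format (timestamp, client IP, method, URL, status), that the upload goes to a host under gofile.io, and that the webhook URL has Discord's public shape `discord.com/api/webhooks/<id>/<token>`; the exact GoFile endpoints RedTiger calls are not stated in the article.

```python
"""Flag the RedTiger-style exfiltration pattern in web-proxy logs: a POST to a
GoFile host followed shortly by a POST to a Discord webhook from the same client.

Added example for this article, not RedTiger's code. Assumptions: the log line
format below is constructed, GoFile uploads hit a *.gofile.io host, and the
webhook URL follows Discord's documented /api/webhooks/<id>/<token> layout.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <client ip> <method> <url> <status>"
SAMPLE_LOG = """\
2025-10-01T12:00:01 10.0.0.5 GET https://api.gofile.io/servers 200
2025-10-01T12:00:03 10.0.0.5 POST https://store1.gofile.io/contents/uploadfile 200
2025-10-01T12:00:05 10.0.0.5 POST https://discord.com/api/webhooks/123456789012345678/aBcDeFgHiJkLmNoPqRsTuVwXyZ 204
2025-10-01T12:10:00 10.0.0.9 POST https://discord.com/api/webhooks/987654321098765432/ZyXwVuTsRqPoNmLkJiHgFeDcBa 204
2025-10-01T12:20:00 10.0.0.7 POST https://store2.gofile.io/contents/uploadfile 200
2025-10-01T13:20:00 10.0.0.7 POST https://discord.com/api/webhooks/111111111111111111/tokentokentoken 204
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d{3})$")
GOFILE_HOST_RE = re.compile(r"^https://[a-z0-9-]+\.gofile\.io/", re.I)
DISCORD_WEBHOOK_RE = re.compile(
    r"^https://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_-]+)"
)


def parse(log_text):
    """Yield (timestamp, client, method, url); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, method, url, _status = m.groups()
        yield datetime.fromisoformat(ts), client, method, url


def find_exfil_chains(log_text, window=timedelta(minutes=5)):
    """Return [(client, upload_time, webhook_id)] for every Discord webhook POST
    preceded within `window` by a GoFile POST from the same client.

    A lone webhook POST is deliberately not flagged: legitimate bots and CI
    systems use Discord webhooks too. Only the webhook ID is returned so the
    token does not leak into tickets; keep the raw line for the responder.
    """
    uploads = defaultdict(list)
    hits = []
    for ts, client, method, url in sorted(parse(log_text)):
        if method == "POST" and GOFILE_HOST_RE.match(url):
            uploads[client].append(ts)
            continue
        wh = DISCORD_WEBHOOK_RE.match(url)
        if method == "POST" and wh:
            recent = [u for u in uploads[client] if timedelta(0) <= ts - u <= window]
            if recent:
                hits.append((client, recent[-1], wh.group(1)))
    return hits


if __name__ == "__main__":
    for client, when, webhook_id in find_exfil_chains(SAMPLE_LOG):
        print(f"{client}: GoFile upload at {when:%H:%M:%S} then webhook {webhook_id}")
```

On the constructed sample only 10.0.0.5 is flagged: 10.0.0.9 posted to a webhook without any preceding upload, and 10.0.0.7's two requests are an hour apart. The five-minute window is a tuning choice; widen it if the malware in your environment batches uploads. Preserve the full webhook URL from the matching log line rather than just the ID, because that URL is both an indicator and the handle an incident responder needs to get the webhook taken down.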
The malware also includes persistence mechanisms that let it survive reboots on Windows, Linux and macOS.
Once installed, it runs automatically each time the victim's computer starts, keeping access to the infected system until it is found and removed.
RedTiger represents the latest in a troubling trend of infostealers specifically targeting gamers.
Security teams have already identified multiple variants spreading in the wild, and researchers expect further versions to follow.
Because the tool is open source, anyone can modify and rebuild it, producing variants that no longer match existing antivirus signatures or the published file hashes, so the hashes listed below will catch known builds but not necessarily the next one.
Gamers should avoid running executables from untrusted sources, keep their systems patched, use strong, unique passwords and multi-factor authentication on Discord and gaming accounts, and, after any suspected infection, change those passwords and sign out of all active sessions so that stolen session tokens stop working.
The gaming community remains a lucrative target for attackers seeking financial information and account access, making cybersecurity awareness essential for online players.
IOCs
MD5 (RedTiger Script)
84E6F7FAF4966BA45A633F2F42440BFF
636D4A176D29AF9611EC5706BE86ED8F
67B54003C45C9F24507C0CFD7B8B31D1
013191138F20B85DDAFA6C40E7D6628F
DE6C9673F5EE266AC6B3B3BF02F15DC8
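The hashes above are file-level indicators, so the obvious triage step is to sweep suspect directories for matching files. The script below is an added example for this article, not code from the article or from the RedTiger project; it embeds the article's five MD5 values and builds a throwaway directory with constructed files so it runs offline. Because rebuilt variants hash differently, a clean sweep rules out only these specific samples, not RedTiger as such.

```python
"""Sweep a directory tree for files whose MD5 matches the RedTiger IOCs.

Added example for this article, not the article's or RedTiger's code. The
IOC values are the article's; the demo files are constructed. A miss is not
a clean bill of health: any modified build of the open-source tool will have
a different hash.
"""
import hashlib
import os
import tempfile

REDTIGER_MD5 = {
    "84e6f7faf4966ba45a633f2f42440bff",
    "636d4a176d29af9611ec5706be86ed8f",
    "67b54003c45c9f24507c0cfd7b8b31d1",
    "013191138f20b85ddafa6c40e7d6628f",
    "de6c9673f5ee266ac6b3b3bf02f15dc8",
}


def md5_of(path, chunk=1 << 20):
    """Stream the file through MD5 so large archives do not need to fit in RAM."""
    try:
        h = hashlib.md5(usedforsecurity=False)  # MD5 is an identifier here, not a security primitive
    except TypeError:  # Python < 3.9 has no usedforsecurity keyword
        h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, iocs=REDTIGER_MD5):
    """Return {path: md5} for every regular file under root whose MD5 is in iocs.
    Hash comparison is case-insensitive; unreadable files are skipped, not fatal."""
    wanted = {h.lower() for h in iocs}
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                digest = md5_of(p)
            except OSError:
                continue  # locked, vanished or permission-denied file: move on
            if digest in wanted:
                hits[p] = digest
    return hits


def demo():
    """Constructed demonstration: two files, one of whose hash is added to the
    IOC set as a stand-in for a real sample. Returns the basenames flagged."""
    with tempfile.TemporaryDirectory() as d:
        benign = os.path.join(d, "notes.txt")
        with open(benign, "wb") as f:
            f.write(b"hello")
        stand_in = os.path.join(d, "RedTiger.py")
        with open(stand_in, "wb") as f:
            f.write(b"print('constructed stand-in, not the real sample')\n")
        iocs = REDTIGER_MD5 | {md5_of(stand_in)}
        return sorted(os.path.basename(p) for p in sweep(d, iocs))


if __name__ == "__main__":
    print("flagged:", demo())
```

Run `sweep()` against user-writable locations where a dropped Python script would land (downloads, temp directories, the user's profile) rather than the whole disk, and treat any hit as confirmed rather than suspected: an MD5 match against a published sample is not a heuristic.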
