Free Discord Nitro Offer Used to Steal Steam Credentials

A fake Steam pop-up prompts users to ‘link’ Discord account for free Nitro subs.

There’s a new scam making the rounds on Discord, through which cybercriminals can harvest Steam account information and make off with any value it contains.

Gamer-aimed Discord scams are just about everywhere. But researchers flagged a new approach as noteworthy because it crosses over between Discord and the Steam gaming platform, with crooks offering a purported free subscription to Nitro (a Discord add-on that enables avatars, custom emoji, profile badges, bigger uploads, server boosts and so on), in exchange for “linking” the two accounts.

Researchers at Malwarebytes Labs released a report detailing the new Discord Nitro tactic, explaining that the target is first served a malicious direct message on Discord with the fake offer:

Source: Malwarebytes Labs.

“Just link your Steam account and enjoy,” the message says, and it includes a link purportedly to do just that. The malicious link takes users to a spoofed Discord page with a button that reads, “Get Nitro.”

There are several malicious domains associated with the spoofed page, analysts noted:
