- New discord scam uses the promise of free Nitro to lure victims to phishing page
- Steam creds are stolen by use of a highly realistic looking fake sign in window
The new scam, initially reported on by Malwarebytes sees scammers using the bait of a month of free Nitro to lure Discord users to a phishing page.
The messages are spread via what appear to be discord bots. After loading the hyper realistic phishing page a steam log in window pops up, prompting users to link their steam account in order to redeem their free Nitro.
Traffic analysis by Malwarebytes shows the true origin of the login page to be an actor controlled server. Inputting creds sends them straight to attackers whom will likely pillage any nabbed accounts.