Discord Scam: Free Offer Steals Steam Information

A fraudulent pop-up now being seen over the VoIP and messaging platform is asking users to link their account for free Nitro subs.

Discord deals with its fair share of scams, just like any other online platform. However, the crossover between Discord and Steam is noteworthy in its novelty.

Cybercriminals behind the scam intend to steal a victim’s Steam account information, which may include things like names and saved credit card details. They’ll offer a 1-month subscription to Nitro, an add-on that enables various updated features for the platform, in exchange for a linked account. The direct message says “Just link your steam account and enjoy,” and includes a fake link with a button reading “Get Nitro.”

There’s a number of different domains the fraudulent page could be under, including:

• 1nitro.club
• appnitro-discord.com
• asstralissteam.org.ru
• discord-steam-promo.com
• discordgifte.com
• dicsord-ticket.com
• discord-appnitro.com
• ds-nitro.com
• nitro-discordapp.com
• nitrodsgiveways.com
• steam-nitro.online

Researchers at Malwarebytes Labs explained that once a user has clicked on the “Get Nitro” button, the website appears to show an pop-up advertisement from Steam. The goal is to fool victims into thinking they’re being redirected to Steam, however this is not the case. If a user inputs their login information, they’re too late. In underground forums, stolen accounts go for roughly $14 per 1000 accounts.

Due to the pandemic, cyberattacks on the gaming industry have skyrocketed. According to Akamai, web application attacks went up 340% in 2020. Malware on Discord is up 140% as well as of last year, according to Sophos. Threat actors have taken advantage of, and preyed upon, unsuspecting victims due to the weakening of cybersecurity practices. Make sure to keep an eye out for suspicious messages, emails and offers that come your way.