Gamers worldwide are facing a growing threat as cybercriminals weaponize a powerful security tool for malicious purposes.
A dangerous infostealer called RedTiger is now actively circulating in the wild, specifically designed to steal Discord credentials, gaming accounts, and sensitive financial information from unsuspecting players.
Security researchers have identified multiple variants already targeting victims, with evidence suggesting attackers are focusing heavily on French-speaking gaming communities and beyond.
RedTiger originally started as a legitimate red-teaming toolkit released publicly in 2024.
Red-teaming tools are software designed for authorized security professionals to test and evaluate system defenses.
However, like many powerful tools before it, attackers have weaponized RedTiger’s capabilities for criminal purposes.
The toolkit includes various dangerous features, such as phishing kits, network scanning utilities, and crucially, an infostealer component that cybercriminals are now deploying against everyday gamers.
How RedTiger Steals Your Information
The infostealer portion of RedTiger has proven particularly effective at harvesting valuable personal data from victims’ computers.
It specifically targets Discord accounts by injecting malicious code directly into the Discord client application.
Beyond Discord, the malware collects browser-saved passwords, payment card information, cryptocurrency wallet credentials, and gaming account details like Roblox login information.
The tool can even secretly record victims through their webcams, adding another disturbing layer of privacy violation.
RedTiger uses a clever two-stage data theft process to maximize anonymity and ensure attackers receive stolen information reliably.
First, the malware compresses all stolen data and uploads it to GoFile, a cloud storage service that allows anonymous uploads without requiring an account.
Once uploaded, GoFile generates a download link that the attacker receives through a Discord webhook.
This method keeps the attacker completely hidden while ensuring they successfully receive the stolen data.
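The two-stage sequence described above leaves a pattern defenders can look for in web proxy logs: a POST to GoFile followed shortly by a POST to a Discord webhook from the same machine. The following detection sketch is an added example, not code from RedTiger or from the researchers; the log format, host names, URL paths and the five-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy log (timestamp, source host, method, URL); not real traffic.
SAMPLE_LOG = """\
2025-01-10T14:02:11 PC-ALPHA POST https://store1.gofile.io/upload
2025-01-10T14:02:19 PC-ALPHA POST https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN
2025-01-10T14:05:40 PC-BRAVO GET https://gofile.io/d/EXAMPLE
2025-01-10T14:30:02 PC-CHARLIE POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN
2025-01-10T15:10:00 PC-DELTA POST https://store1.gofile.io/upload
2025-01-10T16:45:00 PC-DELTA POST https://discord.com/api/webhooks/222222222222222222/EXAMPLE-TOKEN
"""

WINDOW = timedelta(minutes=5)  # assumed correlation window; tune for your environment

def is_gofile_upload(method, url):
    """POST to gofile.io or any subdomain (exact suffix match, so notgofile.io fails)."""
    host = urlsplit(url).hostname or ""
    return method == "POST" and (host == "gofile.io" or host.endswith(".gofile.io"))

def is_discord_webhook(method, url):
    """POST to a Discord webhook endpoint."""
    parts = urlsplit(url)
    return (method == "POST"
            and (parts.hostname or "") in ("discord.com", "discordapp.com")
            and parts.path.startswith("/api/webhooks/"))

def find_exfil_pairs(log_text, window=WINDOW):
    """Return (host, upload_time, webhook_time) where a webhook POST follows
    a GoFile upload from the same host within `window`."""
    last_upload = {}  # source host -> time of its most recent GoFile upload
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        ts, src, method, url = fields
        when = datetime.fromisoformat(ts)
        if is_gofile_upload(method, url):
            last_upload[src] = when
        elif is_discord_webhook(method, url):
            up = last_upload.get(src)
            if up is not None and timedelta(0) <= when - up <= window:
                alerts.append((src, up.isoformat(), when.isoformat()))
    return alerts

if __name__ == "__main__":
    for host, up, hook in find_exfil_pairs(SAMPLE_LOG):
        print(f"{host}: GoFile upload at {up}, Discord webhook POST at {hook}")
```

Either request on its own is common on gaming PCs, so the alert is only meaningful for the pair in sequence from one host.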
The malware includes sophisticated persistence mechanisms that allow it to survive system restarts on Windows, Linux, and macOS devices.
Once installed, it automatically runs whenever the victim boots their computer, maintaining access to the infected system indefinitely.
RedTiger also sends victim details like IP addresses, geographic location, and computer hostname to help attackers identify and organize their stolen information effectively.
RedTiger represents the latest in a troubling trend of infostealers specifically targeting gamers and Discord users.
Security teams have already identified multiple variants actively spreading in the wild, and experts expect more dangerous versions to emerge soon.
The malware’s open-source nature means anyone can modify it, creating endless variations that antivirus software struggles to detect.
Gamers should be vigilant about downloading executable files from untrusted sources, keep their systems updated with security patches, and consider using strong, unique passwords for their Discord and gaming accounts.
The gaming community remains a lucrative target for attackers seeking financial information and account access, making cybersecurity awareness essential for online players.