- Discord users are targeted by a scam parading as an invite to download the Discord Nitro and enjoy it for free.
- The spoofed landing page asks for Steam credentials in a fake pop-up that looks like the legit stuff.
- The scam will show Users will see free Nitro advert that leads to a popup window asking for credentials.
Actors are now deploying a phishing campaign targeting Discord users with a message that offers a fake free month of Nitro. Victims that take the bait end up on a spoofed website that looks like a legitimate Discord page where a fake pop-up appears asking for the user's Steam credentials. Needless to say, the login user and password are stolen by the actors and nothing is given.
The unidentified actors start their phishing campaign with a message sent to Discord direct messages that presents a Discord "Niltro" URL supposedly giving away one month of free Nitro and asks the recipients to link their Stream account.
If the targets do not see the misspelling and actually click the URL, they get redirected to a legit-looking Discord landing page with a "Get Nitro" button. Clicking this button opens up a Steam-like pop-up window which is not really that, but it's part of the phishing website and cannot be dragged.
After the victims enter their credentials they get an "incorrect password" alert. However, behind the page itself, the login information is stored.
The actors use the 195[dot]133[dot]16[dot]40 IP for this phishing campaign, and Malwarebytes also found more than one hundred other scam-related domains on this IP, such as:
This is a great way to compromise your Steam account and privacy from all linked accounts. Steam users should stay aware of such scams and avoid falling for Discord Nitro or other game-related scams offering easy and suspicious benefits.