Actors Bait Discord Users With Free Nitro Version to Phish Steam User Credentials

Written by Supriyo Chatterji
Published on November 3, 2021

Actors are now deploying a phishing campaign targeting Discord users with a message that offers a fake free month of Nitro. Victims that take the bait end up on a spoofed website that looks like a legitimate Discord page where a fake pop-up appears asking for the user's Steam credentials. Needless to say, the login user and password are stolen by the actors and nothing is given.

source: Malwarebytes

The unidentified actors start their phishing campaign with a message sent to Discord direct messages that presents a Discord "Niltro" URL supposedly giving away one month of free Nitro and asks the recipients to link their Stream account.

source: Malwarebytes

If the targets do not see the misspelling and actually click the URL, they get redirected to a legit-looking Discord landing page with a "Get Nitro" button. Clicking this button opens up a Steam-like pop-up window which is not really that, but it's part of the phishing website and cannot be dragged.

After the victims enter their credentials they get an "incorrect password" alert. However, behind the page itself, the login information is stored.

source: Malwarebytes

The actors use the 195[dot]133[dot]16[dot]40 IP for this phishing campaign, and Malwarebytes also found more than one hundred other scam-related domains on this IP, such as:

This is a great way to compromise your Steam account and privacy from all linked accounts. Steam users should stay aware of such scams and avoid falling for Discord Nitro or other game-related scams offering easy and suspicious benefits.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: