Malware cleverly weaponizes Discord to steal game currency from Roblox players

Discord Screenshot Desktop MacOS
A flaw in Discord’s Application Program Interface (API) has allowed nefarious individuals to steal login credentials for Roblox, one of the first MMOs to support VR. From there, the Robux in-game currency can be funneled into a separate account and cashed out. Although only exploitable through traditional phishing practices, the flaw does raise concerns over the integration of popular applications with games that have real-money stores.

Discord is a popular chat application often used by gamers. It has the ability to handle group VOIP (Voice Over Internet Protocol) conversations and various other social functions. While popular with Roblox players, it has proven problematic as of late due to its API’s ability to execute user-generated code and applications. Because of that, infected systems can use the tool to steal user account information from Roblox in a money-making endeavor.

The method of attack first requires that a system be infected with malware. TrendMicro found an instance of a particular infectious program masquerading as a cheat app on one forum. That malware can sink its hooks into Discord and then wait for a user to play Roblox. When they do, it steals their account cookie and then sends that file over Discord to a specified channel.

Those behind the attack can use that cookie to log into the victim’s Roblox account and summarily transfer out all of their in-game Robux, which can then be transferred out of the game and turned into actual cash.

There are even variants of the malware that persistently steal login details, making it difficult to control the damage done with a password change. What you can do to prevent such attacks in the first place is be very wary of unofficial applications that claim to have the ability to help you cheat in multiplayer games. While their use is unfair to other users, you also run the risk of infecting your system.

TrendMicro also recommends running a decent anti-malware program. It’s also good advice to keep such applications, as well as your operating system, updated. You should also be very wary of sharing credentials online, though in this instance, the exploit does it automatically for you.

It’s important to not trust any chat app too much. As TrendMicro’s other research shows, the APIs of many VOIP platforms have been leveraged heavily by hackers in recent years as their usage has grown.

Gaming

Playing ‘Battlefield V’ on an $800 Nvidia card is stunning. And disappointing

‘Battlefield V’ is the first game to use Nvidia’s ray tracing support, now available with the RTX 2080 and 2080 Ti graphics cards. The feature can, in an ideal scenario, make the game look better, but the performance hit may not be…
Computing

Ditch the passwords and buy Xbox games with just your face

Passwords are the past. The latest version of Windows 10 allows you to sign in with your Microsoft account on the web through Microsoft Edge using Windows Hello or a FIDO 2 Yubikey. 
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Computing

Four fake cryptocurrency apps were listed on the Google Play Store

It is a dangerous time to be going after crytocurrency on Android. Four bogus cryptocurrency apps were spotted on the Google Play Store this week, according to a report from cybersecurity researcher Lukas Stefanko. 
Gaming

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Smart Home

All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…
Computing

HP takes $100 off of leather-clad Spectre Folio 13 bundle for Black Friday

HP is offering a discount to Black Friday shoppers for a bundle that includes its leather-wrapped answer to Apple's MacBook Air. HP is offering a $100 discount on the Spectre Folio 13 when bundled with a mouse and leather sleeve.
Computing

Save a heap with these Black Friday 2018 graphics card deals

The Black Friday 2018 sales period is finally here and it's brought with it a tonne of great component deals. We've been scouring websites and catalogs for days to find you the best graphics cards deals for Black Friday 2018.
Deals

The best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…
Computing

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.
Deals

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…
Web

Canceling Amazon Prime is easy, and you might get a refund

Don't be intimidated. Learning how to cancel Amazon Prime is easier than you might think. You might even get a partial or full refund on the cost, depending on how much you've used it. Check out our quick-hit guide for doing so.
Computing

Editing a PDF is easy when you have the right tools in hand

Editing PDF files can be a real pain, but there are a few tricks to make the process a bit easier. This guide will give you three easy methods for how to edit a PDF, two of which work without needing Adobe Acrobat.
Computing

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.