Skip to main content
  1. Home
  2. Computing
  3. Gaming
  4. Web
  5. News

Malware cleverly weaponizes Discord to steal game currency from Roblox players

By
Add as a preferred source on Google

A flaw in Discord’s Application Program Interface (API) has allowed nefarious individuals to steal login credentials for Roblox, one of the first MMOs to support VR. From there, the Robux in-game currency can be funneled into a separate account and cashed out. Although only exploitable through traditional phishing practices, the flaw does raise concerns over the integration of popular applications with games that have real-money stores.

Discord is a popular chat application often used by gamers. It has the ability to handle group VOIP (Voice Over Internet Protocol) conversations and various other social functions. While popular with Roblox players, it has proven problematic as of late due to its API’s ability to execute user-generated code and applications. Because of that, infected systems can use the tool to steal user account information from Roblox in a money-making endeavor.

Recommended Videos

The method of attack first requires that a system be infected with malware. TrendMicro found an instance of a particular infectious program masquerading as a cheat app on one forum. That malware can sink its hooks into Discord and then wait for a user to play Roblox. When they do, it steals their account cookie and then sends that file over Discord to a specified channel.

Those behind the attack can use that cookie to log into the victim’s Roblox account and summarily transfer out all of their in-game Robux, which can then be transferred out of the game and turned into actual cash.

There are even variants of the malware that persistently steal login details, making it difficult to control the damage done with a password change. What you can do to prevent such attacks in the first place is be very wary of unofficial applications that claim to have the ability to help you cheat in multiplayer games. While their use is unfair to other users, you also run the risk of infecting your system.

TrendMicro also recommends running a decent anti-malware program. It’s also good advice to keep such applications, as well as your operating system, updated. You should also be very wary of sharing credentials online, though in this instance, the exploit does it automatically for you.

It’s important to not trust any chat app too much. As TrendMicro’s other research shows, the APIs of many VOIP platforms have been leveraged heavily by hackers in recent years as their usage has grown.

Jon Martindale
Jon Martindale
Former Evergreen writer
Jon Martindale covers how to guides, best-of lists, and explainers to help everyone understand the hottest new hardware and…
Topics
Gemini will now take notes for you in Google Meet for you, if you the minimum $20 AI tax
Yet another Google subscription just dropped for Gemini
Google Meet Take Notes for me Gemini

Google has just released a useful Gemini feature, which you can try if you are a paying member of course. The company is now bringing "Take notes for me" for Gemini, which will be available in Google Meet for Google AI Pro and Google AI Ultra subscribers, along with eligible Workspace business customers.

For personal users, the feature starts with Google AI Pro, which costs $19.99 per month in the US. In other words, Gemini can now take your Google Meet notes, provided you pay the minimum AI tax.

Read more
After iPad Pro and MacBook Pro, the iMac could be the next in line for an OLED screen upgrade
iMac with M4

The iPhone got an OLED panel in 2017, while the iPad Pro followed in 2024. Even the MacBook Pro is expected to follow later this year or early next year. But what about the iMac?

According to TrendForce, the iMac could get an OLED upgrade. There's no timeline yet, but the direction is clear. Apple wants to replace its current display technologies with OLED, raising the bar for color quality for both regular users and professionals.

Read more
This $1,299 gaming PC wants to be a Steam Machine without waiting for Valve
Valve’s Steam Machine dream is already real in MetaPC's new prebuilt
MetaPC's Steamroller is a new Steam Machine rival

Valve’s Steam Machine may be the face of SteamOS, but the platform isn't exclusive to it. A big announcement after Steam Machine's unveiling was that SteamOS would be arriving on systems outside of the new hybrid console. Now, MetaPCs is one of the first to take advantage of this by opening the preorders for the Steamroller, a new prebuilt gaming desktop that ships with SteamOS installed by default.

Though Steamroller is not trying to be a tiny console-like cube. It is a normal desktop PC with standard parts and a real upgrade path. The system costs $1,299 and is listed with a preorder date of July 3, 2026.

Read more