Malware cleverly weaponizes Discord to steal game currency from Roblox players

Discord Screenshot Desktop MacOS
A flaw in Discord’s Application Program Interface (API) has allowed nefarious individuals to steal login credentials for Roblox, one of the first MMOs to support VR. From there, the Robux in-game currency can be funneled into a separate account and cashed out. Although only exploitable through traditional phishing practices, the flaw does raise concerns over the integration of popular applications with games that have real-money stores.

Discord is a popular chat application often used by gamers. It has the ability to handle group VOIP (Voice Over Internet Protocol) conversations and various other social functions. While popular with Roblox players, it has proven problematic as of late due to its API’s ability to execute user-generated code and applications. Because of that, infected systems can use the tool to steal user account information from Roblox in a money-making endeavor.

The method of attack first requires that a system be infected with malware. TrendMicro found an instance of a particular infectious program masquerading as a cheat app on one forum. That malware can sink its hooks into Discord and then wait for a user to play Roblox. When they do, it steals their account cookie and then sends that file over Discord to a specified channel.

Those behind the attack can use that cookie to log into the victim’s Roblox account and summarily transfer out all of their in-game Robux, which can then be transferred out of the game and turned into actual cash.

There are even variants of the malware that persistently steal login details, making it difficult to control the damage done with a password change. What you can do to prevent such attacks in the first place is be very wary of unofficial applications that claim to have the ability to help you cheat in multiplayer games. While their use is unfair to other users, you also run the risk of infecting your system.

TrendMicro also recommends running a decent anti-malware program. It’s also good advice to keep such applications, as well as your operating system, updated. You should also be very wary of sharing credentials online, though in this instance, the exploit does it automatically for you.

It’s important to not trust any chat app too much. As TrendMicro’s other research shows, the APIs of many VOIP platforms have been leveraged heavily by hackers in recent years as their usage has grown.

Emerging Tech

CES 2019 recap: All the trends, products, and gadgets you missed

CES 2019 didn’t just give us a taste of the future, it offered a five-course meal. From 8K and Micro LED televisions to smart toilets, the show delivered with all the amazing gadgetry you could ask for. Here’s a look at all the big…
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Gaming

‘Fortnite’ security flaw let hackers spy on players through microphones

A security vulnerability found in Fortnite allowed hackers to gain access to other players' accounts, potentially letting them spy on conversations using the in-game microphone. It has been addressed.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Gaming

Bethesda swings banhammer on ‘Fallout 76’ players visiting secret developer room

Bethesda is banning Fallout 76 players who gain access to the online multiplayer game's secret developer room. The hidden location contains plans for everything, including top-tier weapons and unreleased items.
Computing

Google is giving its G Suite web apps new touches of visual improvements

Your G Suite applications will soon have a different look. Several of the web apps are getting updated with subtle visual improvements inspired by Google's Material Design guidelines. 
Computing

Hackers are scoring with ransomware that attacks its previous victims

Computer viruses are always evolving. In a new one, dubbed "Ryuk," hackers are targeting PCs with ransomware that scours an infected network in order to pinpoint and attack and enterprises with big money.
Computing

An update to Microsoft To-Do will help you keep up with your resolutions

If you're looking to stay productive in 2019, you might want to check out the freshly updated Microsoft To-Do app, now with additional integration with the Windows 10 Start Menu and more.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

Could the next Microsoft HoloLens be announced at MWC 2019?

After not having a presence at Mobile World Congress for three years, Microsoft is now sending out media invites for a press conference on February 24 during the annual event in Barcelona. Could a next-generation HoloLens be on the way?
Computing

Microsoft to separate Cortana from search with the next version of Windows 10

Changes are on the way for two key features in Windows 10. A separation of Windows 10 search and Cortana will allow Microsoft to more often innovate on each of the features independently.
Computing

Convert your PDFs into convenient Word documents with Adobe or a free option

PDF files are great, but few document types are as malleable as those specific to Microsoft Word. Here's how to convert a PDF file into a Word document, whether you prefer to use Adobe's software suite or a freemium alternative.
Computing

Nvidia’s next midrange card might be a GTX 1660 Ti, rumors suggest

Nvidia may be working on a non-RTX Turing graphics card called the 1660 Ti. Rumors suggest it will have around 20 percent fewer CUDA cores than the RTX 2060 and will lack ray tracing support.
Deals

From Samsung to HP, here are the best cheap Chromebook deals right now

Whether you want a compact laptop to enjoy some entertainment on the go, or you need a no-nonsense machine for school or work, we've smoked out the best cheap Chromebook deals -- from full-sized laptops to 2-in-1 convertibles -- with most…