Beware gamers, the game you’re playing might just be playing you
A new cyber menace is prowling through the digital jungle, and it’s hunting gamers. Researchers have uncovered RedTiger, an open-source Python tool that was meant to help ethical hackers test networks but has gone wild in the hands of real-world criminals. Since early 2024, the malware has been tearing through Discord servers and gaming circles, hijacking accounts, raiding wallets, and turning digital fun into digital fraud.
Originally published on GitHub as a red-teaming framework, RedTiger offered a legit set of features: network scanning, OSINT utilities, password cracking. But attackers have twisted those same tools into a credential-stealing Swiss army knife. The infostealer digs into browsers for saved logins, sniffs out crypto wallets, snaps webcam photos, and even modifies Discord’s index.js file to intercept tokens, payment details, and MFA codes. Basically, your favorite chat app just got a new unwanted roommate.
What makes RedTiger even more troubling is its persistence game. It anchors itself deep into Windows, macOS, and Linux systems, evading forensic tools by flooding the machine with processes and deleting its own traces. Sandbox environments? It ghosts them, shutting down instantly if it spots virtual setups, test usernames, or low-spec hardware. Exfiltration happens in two slick stages: stolen loot heads first to GoFile, then slips through Discord webhooks to the attacker. All of it blends in with everyday traffic: stealth mode, activated.
Watch for PyInstaller-built files with gaming- or Discord-style names, odd tweaks to discord_desktop_core/index.js, sudden GoFile uploads, or random bursts of processes and files clogging your system. If security sites stop loading or your hosts file starts blocking security vendors, that’s another tell. RedTiger doesn’t break in; it slides in through Discord DMs, cracked tools, mod sites, click-baity YouTube links, and shady ads. Spot any of these vibes? That’s your cue to pull the plug and isolate the machine before it spreads.
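A small host-side triage script for the indicators just listed, added here as an example rather than anything from Netskope or the RedTiger project. The security-vendor domain list, the assumption that an untampered discord_desktop_core/index.js is the single line `module.exports = require('./core.asar');`, and the sample inputs are all constructed.

```python
"""Triage checks for RedTiger-style indicators: hosts-file sinkholing of
security vendors, a tampered Discord index.js, and PyInstaller-built binaries.
Added example; domain list, stock index.js and samples are assumptions."""
import re

# Constructed list of security-vendor domains; extend for your environment.
VENDOR_DOMAINS = ("virustotal.com", "malwarebytes.com", "avast.com",
                  "kaspersky.com", "netskope.com")
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}
# Assumption: a clean discord_desktop_core/index.js is exactly this line.
STOCK_INDEX_JS = "module.exports = require('./core.asar');"
# PyInstaller's archive cookie magic, present in every PyInstaller-built binary.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"


def blocked_vendors(hosts_text: str) -> list[str]:
    """Return vendor hostnames the hosts file maps to a sinkhole address."""
    hits = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2 or parts[0] not in SINKHOLE_IPS:
            continue
        for name in parts[1:]:
            if any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS):
                hits.append(name)
    return hits


def index_js_tampered(index_js_text: str) -> bool:
    """True if index.js contains anything beyond the stock one-line loader."""
    normalized = re.sub(r"\s+", " ", index_js_text).strip()
    return normalized != STOCK_INDEX_JS


def is_pyinstaller(blob: bytes) -> bool:
    """True if a binary carries PyInstaller's archive cookie."""
    return PYINSTALLER_MAGIC in blob


# --- constructed samples ---
SAMPLE_HOSTS = """127.0.0.1 localhost
0.0.0.0 www.virustotal.com  # line added after infection (constructed)
0.0.0.0 malwarebytes.com
0.0.0.0 example.org
"""
SAMPLE_INDEX_JS = STOCK_INDEX_JS + "\n// injected line (constructed)\nconsole.log('x');\n"
SAMPLE_BINARY = b"MZ\x90\x00" + b"\x00" * 32 + PYINSTALLER_MAGIC + b"\x00" * 8
```

Run the three checks against the real hosts file, the Discord core directory and any suspicious download; a hit on any of them is a reason to isolate the host rather than keep investigating on it.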
Netskope has flagged the campaign under Win64.Trojan.RedTiger, warning that it could easily scale beyond gamers. The open-source base means anyone can tweak and redeploy it: think Cobalt Strike vibes for a younger, Discord-obsessed crowd.
Bottom line: revoke Discord tokens, nuke infected clients, and clean browsers. Because the next “friend request” might just be RedTiger sliding into your DMs, and this one doesn’t come with XP points.