Cyber Web Spider Blog – News

New Red Teaming Tool RedTiger Attacking Gamers And Discord Accounts In The Wild

Posted on October 24, 2025 By CWS

RedTiger is an open-source red-teaming tool repurposed by attackers to steal sensitive data from Discord users and gamers.

Launched in 2025 on GitHub, RedTiger bundles penetration-testing utilities, including network scanners and OSINT tools. However, its infostealer module has gone rogue, with malicious payloads circulating online since early 2025.

Netskope Threat Labs reported multiple variants targeting French-speaking gamers, based on sample filenames and custom warnings like “Attention, ton PC est infecté!” (Warning, your PC is infected!).

This marks the second gamer-focused infostealer Netskope has tracked this month, following a Python RAT aimed at Minecraft gamers.

Attackers favor RedTiger for its modularity and ease of customization, much like the abused Cobalt Strike framework. Distributed as PyInstaller-compiled binaries, these samples masquerade as game cheats or mods, tricking users into execution.

The malicious RedTiger-based infostealer zeroes in on Discord accounts, injecting JavaScript into the app’s core files to hijack API traffic.

It snags tokens via regex searches in Discord’s databases, validates them through API calls, and extracts user details like emails, MFA status, and subscription levels.

Even password changes don’t escape; the malware intercepts updates to billing endpoints for Stripe and Braintree, capturing card data, PayPal details, and Nitro purchases.

Beyond social platforms, it raids browsers such as Chrome, Firefox, Edge, and niche ones like Opera GX for cookies, passwords, history, and credit cards.

Game files from Roblox and crypto wallets like MetaMask are copied wholesale, while .txt, .sql, and .zip files matching keywords (e.g., “passwords”) get archived.

Roblox-specific cookie extraction via browser_cookie3 reveals account information through API queries. The malware adds persistence on Windows by dropping into startup folders, though Linux and macOS implementations falter without manual tweaks.

For evasion, it scans for sandbox indicators, such as usernames like “sandbox” or hardware IDs tied to analysis tools, and self-terminates, Netskope said.

It also edits the hosts file to block security vendors and spawns a large number of junk files and processes to clog forensics.
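A defender can check for the hosts-file tampering described above by looking for security-vendor names mapped to an unreachable address. The following is an added example, not code from Netskope or from RedTiger; the watch-list domains, the sample hosts content and the assumption that blocking is done by pointing names at loopback or 0.0.0.0 are illustrative.

```python
import ipaddress

# Assumed watch-list: illustrative security-vendor domains, not taken from the article.
WATCHLIST = ("virustotal.com", "kaspersky.com", "malwarebytes.com", "netskope.com")

# Constructed sample hosts file content (not from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         www.virustotal.com virustotal.com
127.0.0.1       update.malwarebytes.com   # added entry
10.1.2.3        intranet.example.test
0.0.0.0         ads.example.test
"""


def is_sinkhole(addr: str) -> bool:
    """True for addresses that make a name unreachable (loopback or unspecified)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed first field: not an address line
    return ip.is_loopback or ip.is_unspecified


def on_watchlist(name: str) -> bool:
    """Match the watch-listed domain itself or any subdomain of it."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def find_blocked_vendors(hosts_text: str):
    """Return (line_number, address, hostname) for each sinkholed watch-list name."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if not is_sinkhole(addr):
            continue
        findings.extend((lineno, addr, n.lower()) for n in names if on_watchlist(n))
    return findings


if __name__ == "__main__":
    for lineno, addr, name in find_blocked_vendors(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

On a live Windows host the text to pass in would be the contents of the system hosts file, and the watch-list should be replaced with the vendors actually deployed in the environment.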

Exfiltration is clever: stolen data is zipped and uploaded to anonymous GoFile storage, with links sent to attackers via Discord webhooks, along with the victim’s IP and geolocation.
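The upload-then-notify sequence described above leaves a recognizable pair of outbound requests. The following added example (not from the article or from Netskope) correlates them in web-proxy logs; the log format, host and process names, URLs and the two-minute window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: timestamp, host, process, method, URL.
SAMPLE_LOG = """\
2025-10-24T18:02:11 PC-07 chrome.exe GET https://gofile.io/d/EXAMPLE
2025-10-24T18:05:40 PC-07 Discord.exe POST https://discord.com/api/v9/channels/1/messages
2025-10-24T18:09:02 PC-12 cheat_loader.exe POST https://store1.gofile.io/upload
2025-10-24T18:09:05 PC-12 cheat_loader.exe POST https://discord.com/api/webhooks/000/PLACEHOLDER
2025-10-24T19:30:00 PC-15 backup.exe POST https://store2.gofile.io/upload
"""

WINDOW = timedelta(minutes=2)  # assumed correlation window
WEBHOOK_PATH = re.compile(r"^/api(/v\d+)?/webhooks/")


def classify(method: str, url: str):
    """Label a request as a GoFile 'upload', a Discord 'webhook' call, or None."""
    if method != "POST":
        return None
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "gofile.io" or host.endswith(".gofile.io"):
        return "upload"
    if host in ("discord.com", "discordapp.com") and WEBHOOK_PATH.match(parts.path):
        return "webhook"
    return None


def find_exfil_pairs(log_text: str, window: timedelta = WINDOW):
    """Return (host, process, seconds_between) for each upload followed by a
    webhook POST from the same host and process. Assumes time-ordered input."""
    last_upload = {}
    alerts = []
    for line in log_text.splitlines():
        ts, host, proc, method, url = line.split()
        when = datetime.fromisoformat(ts)
        key = (host, proc.lower())
        kind = classify(method, url)
        if kind == "upload":
            last_upload[key] = when
        elif kind == "webhook" and key in last_upload:
            gap = when - last_upload[key]
            if gap <= window:
                alerts.append((host, proc, int(gap.total_seconds())))
    return alerts


if __name__ == "__main__":
    print(find_exfil_pairs(SAMPLE_LOG))
```

Neither request is suspicious alone: the legitimate Discord client and ordinary GoFile use appear in the sample and are not flagged, only the pairing from one non-browser process is.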

RedTiger’s webcam snaps and screenshots round out its espionage kit, using the OpenCV and Pillow libraries. Netskope detects it as Win64.Trojan.RedTiger, urging gamers to scan downloads and enable two-factor authentication.

As infostealers evolve, experts warn of more variants. “Players’ shared files and Discord reliance make them prime targets,” said Netskope’s Rayudu Venkateswara Reddy. Victims should monitor accounts and use antivirus with behavioral detection to stay ahead.
