Cybersecurity researchers have discovered that attackers are exploiting the open-source red-team tool RedTiger to create a powerful information-stealing malware that targets Discord users.
The malware is capable of stealing Discord account data, payment information, browser credentials, cryptocurrency wallets, and even game accounts.
RedTiger is a Python-based penetration testing suite for Windows and Linux that includes tools for network scanning, password cracking, OSINT tasks, and even a malware builder. While the project’s GitHub page labels its malicious features as “for legal use only,” the lack of restrictions makes it easy for cybercriminals to abuse it.

According to a report by Netskope, threat actors are using RedTiger’s info-stealer module to target primarily French Discord users. The attackers compile the RedTiger code using PyInstaller to create standalone executables disguised as gaming or Discord-related apps. Once installed, the malware searches the victim’s system for Discord and browser data, extracts tokens, and collects sensitive details like emails, multi-factor authentication information, and payment data linked to PayPal or credit cards.
The malware also steals browser-stored passwords, cookies, and crypto wallet files, captures screenshots, and uploads all stolen data to GoFile, a cloud storage service that allows anonymous uploads. The attackers then receive the download link via a Discord webhook. RedTiger uses advanced evasion techniques, including anti-sandbox features and process spamming, to hinder analysis.
Experts warn users not to download unofficial Discord tools, mods, or game boosters from unverified sources. If compromised, users should immediately revoke Discord tokens, change all passwords, reinstall the official Discord app, and enable multi-factor authentication.





