NitroHack virus targets Discord users to steal user tokens
Contents
NitroHack malware is the latest cyber threat targeting Discord users. This particular virus pretends to be a hack for the Discord premium Nitro service to infiltrate the system. Once it is inside, it makes certain modifications to the index.js file by appending a malicious code. After the modification, this virus is capable to steal users’ tokens every time they log in to their account. The collected users’ tokens are directly transmitted to another Discord channel that is controlled by the attackers.
Recently, there has been a significant increase in Trojans like this. For example, the recent AnarchyGrabber malware is mainly developed to perform similar actions on Discord application as the NitroHack virus. Experts believe that this software caught cybercriminals’ attention as is it exceptionally easy to modify various JavaScript files related to the software. Currently, the Trojan embeds a malicious code to %AppData%\\Discord\0.0.306\modules\discord_voice\index.js file as well as make changes to Discord Public Test Build and Discord Canary clients.
The malicious code is designed to reprogram Discord to start a continuous transmission of the user’s token to a specific channel controlled by the attackers. Another important note is that stealing the tokens require the malware to scan information collected from the browsers, including Safari, Chrome, Mozilla, Yandex, etc. Once the gathered databases are sent to the cybercriminals, they are able to connect to the victim’s account and take it over right away along with keeping other personal information.
Furthermore, NitroHack is programmed to launch https://discordapp.com/api/v6/users/@me/billing/payment-source URL and attempt to steal the saved payment information. That includes credit card details, full name, billing, and e-mail address, and other highly sensitive data. The stolen information can either be used by the hackers directly or sold on illegal underground websites for others to use. Unfortunately, the consequences can be more than serious, including identity theft, a risk to privacy, and enormous financial losses.
Ways to identify the infection
In case you have any concerns about your account security, you should first check for malware manually. Those who are using Windows should navigate to Start > Run, type %AppData%\\Discord\0.0.306\modules\discord_voice\index.js, and press OK. You should be able to open the JavaScript file with the Notepad application to see the text inside of it. Additionally, you might be asked to enter the administrator’s password to access the information.
Once you open the file, it is essential to identify if the document contains the malicious code provided by the malware. Usually, the original file should end with a “module.expert = VoiceEngine;” line unless you intentionally made some modifications yourself. Otherwise, if the file contains anything else after that line, there is a high chance that your Discord client is infected with a Trojan.
If you want to protect your account and private information from the attackers, we strongly suggest you remove NitroHack malware as soon as you notice any symptoms. Note that, the elimination procedure is relatively tricky. Thus, our experts recommend installing a professional malware removal software such as INTEGO Antivirus to help you detect all virus-related components and clean your system. Additionally, we recommend repairing virus damage on the system using well-approved software RESTORO.
Keep in mind that it is vital NOT to log in to your account if you notice that your account is infected. This way you will prevent the malware from collecting and sending your token to the attackers. In fact, you should start NitroHack removal right after you identify an attack. As we have already mentioned, you should get help from a robust antivirus to help you identify all elements of the virus. If you fail to get rid of important malware-related files, the Trojan elimination is most likely to be unsuccessful. Therefore, it is best to use a professional software for taking care of it.
Short Summary
Name | NitroHack malware |
Type | Discord Trojan, password-stealing virus |
Similar viruses | AnarchyGrabber malware |
Targeted files | %AppData%\\Discord\0.0.306\modules\discord_voice\index.js, and the same file in Discord Public Test Build and Discord Canary clients |
Symptoms | No particular symptoms, just the malware might try to continuously open https://discordapp.com/api/v6/users/@me/billing/payment-source URL to steal payment information |
Distribution | Spreads as a fake hack to Discord Nitro services and as a malicious link via infected accounts on the app |
Damage | Cybercriminals steal victims’ accounts, their payment data and further information from the browsers; Additionally, they use the hacked accounts to further spread the Trojan |
Removal | You can try to get rid of the malware automatically. For that, consider using INTEGO Antivirus. To repair virus damage on the system, download RESTORO |
Attackers use victims’ accounts to distribute the malware
Since the malware provides access to people’s accounts, cybercriminals try to distribute the virus through the attacked accounts. Usually, victim’s friends that are connected via Discord receive a message offering to download a hack for Discord Nitro service via the attached link. Sadly, this is merely a trick to disguise malware and spread it further in the cyberspace. Likewise, everyone who clicks on the link starts an automatic installation of the Trojan.
Note that the malicious link can not only be sent to you via the Discord. Since the malware is designed to imitate a software hack, many of those are often uploaded on peer-to-peer (P2P) networks. If you see a hack for Discord Nitro services, do NOT download it under any circumstances. In fact, you should refrain from getting any type of illegal software cracks from P2P sites. Otherwise, there is a strong risk that you will infect your computer with Trojans, malware, and other cyber threats.
Mandatory steps to successfully uninstall NitroHack virus from Discord
There are a few steps that you must complete to successfully remove NitroHack malware from your system. Firstly, you should make sure that your computer is infected by searching for modifications on index.js file as explained above. Once you make sure, please download an antivirus that is capable to deal with various cyber threats and is advised by certified technicians. In addition, our Geek’s Advice team suggests using RESTORO for virus damage repair. It is exceptionally simple to use and highly effective.
Once the antivirus performs NitroHack removal, you should uninstall Discord application from your computer. Uninstalling the app makes sure that the modifications in the JavaScript file are eliminated and will no longer execute the malicious code. Then, reinstall Discord and change passwords on all your private accounts. This way you will make sure that your data is secure again. For further information, please follow the guide below.
OUR GEEKS RECOMMEND
Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system:
GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.
NitroHack malware Removal Guidelines
Method 1. Enter Safe Mode with Networking
Step 1. Start Windows in Safe Mode with Networking
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in Safe Mode with Networking, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to start Windows in Safe Mode:
Instructions for Windows XP/Vista/7 users
- First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
- Use arrow keys on the keyboard to navigate down to Safe Mode with Networking option and press Enter.
Instructions for Windows 8/8.1/10 users
- Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.
Step 2. Remove files associated with the virus
Now, you can search for and remove NitroHack malware files. It is very hard to identify files and registry keys that belong to the virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. We recommend using SYSTEM MECHANIC ULTIMATE DEFENSE , which can also restore deleted files. Additionally. we recommend repairing virus damage using RESTORO.
Special Offer
Compatibility: Microsoft Windows
See Full Review
RESTORO is a unique PC Repair Tool which comes with an in-built Avira scan engine to detect and remove spyware/malware threats and uses a patented technology to repair virus damage. The software can repair damaged, missing or malfunctioning Windows OS files, corrupted DLLs, and more. The free version offers a scan that detects issues. To fix them, license key for the full software version must be purchased.
Method 2. Use System Restore
In order to use System Restore, you must have a system restore point, created either manually or automatically.
Step 1. Boot Windows in Safe Mode with Command Prompt
Instructions for Windows XP/Vista/7 users
- Shut down your PC. Start it again by pressing the Power button and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. You will see Advanced Boot Options menu.
- Using arrow keys on the keyboard, navigate down to Safe Mode with Command Prompt option and press Enter.
Instructions for Windows 8/8.1/10 users
- Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press F6 key.
Step 2. Start System Restore process
- Wait until system loads and command prompt shows up.
- Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%system32restorerstrui.exe in command prompt and hit Enter.
- This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before the malware infiltration.
- Click Yes to begin the system restoration process.
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check.
Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
Scott Bolton is a senior content strategist in our Geek’s Advice team. He is exceptionally passionate about covering the latest information technology themes and inspire other team members to follow new innovations. Despite the fact that Scott is an old-timer among the Geeks, he still enjoys writing comprehensive articles about exciting cybersecurity news or quick tutorials.
Leave a Reply