RedTiger infostealer targets gamers and Discord accounts

The emergence of the RedTiger infostealer marks a growing threat targeting gamers, particularly through Discord accounts. This report details the capabilities of RedTiger, a new open-source red-teaming tool that has been seen distributing infostealer payloads in real-world attacks.

Key Findings

RedTiger, released in 2024, functions as a tool for red-teaming, yet is being weaponized for cybercrime. Its abilities include the collection and exfiltration of sensitive personal data, particularly from gaming platforms such as Roblox and payment information stored within Discord.

Overview of RedTiger's Distribution

The RedTiger infostealer samples detected so far have been compiled into standalone binaries and primarily target gamers, with some samples indicating a focus on French-speaking users. The malware's modular design lets it target various types of sensitive data.

Persistence Mechanism

The infostealer maintains persistence across different operating systems, including Windows, Linux, and macOS. For Windows, it can add itself to the startup folder, while the Linux implementation is less stable, relying on an incomplete script setup.

Data Exfiltration Process

Data exfiltration by RedTiger occurs in two stages: first, all stolen files are archived and uploaded to GoFile cloud storage, then a link is sent to attackers via Discord webhook. This streamlined process enables efficient data theft while minimizing detection risk.
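As an added example (not code from the original post or from the RedTiger tool), the following defender-side check correlates the two exfiltration stages described above in web-proxy logs: a GoFile upload from a host followed shortly by a POST to a Discord webhook from the same host. The log line format, host names, webhook placeholder and the GoFile upload path are assumptions constructed for this example.

```python
"""Correlate the two-stage pattern (GoFile upload, then Discord webhook POST)
in proxy logs. Log format and sample lines are constructed for this example;
adapt parse_line() to your proxy's real format."""
from datetime import datetime, timedelta
import re

# Constructed log format: "<ISO timestamp> <host> <METHOD> <url>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+)$")

# Endpoints named in the summary. The GoFile upload path is an assumption;
# the Discord webhook path is the documented /api/webhooks/ route.
GOFILE_UPLOAD = re.compile(r"https?://[\w.-]*gofile\.io/uploadfile", re.I)
DISCORD_WEBHOOK = re.compile(r"https?://discord(?:app)?\.com/api/webhooks/", re.I)

# Constructed sample lines; the webhook id/token are placeholders.
SAMPLE_LOGS = [
    "2024-11-03T10:00:01 ws-07 GET https://www.roblox.com/home",
    "2024-11-03T10:02:14 ws-07 PUT https://upload.gofile.io/uploadfile",
    "2024-11-03T10:02:20 ws-07 POST https://discord.com/api/webhooks/000000000000/PLACEHOLDER_TOKEN",
    # Webhook POST with no prior upload: a normal bot integration, not flagged.
    "2024-11-03T10:05:00 ws-12 POST https://discord.com/api/webhooks/000000000000/PLACEHOLDER_TOKEN",
    # Upload and webhook too far apart to be the same chain.
    "2024-11-03T11:30:00 ws-19 PUT https://upload.gofile.io/uploadfile",
    "2024-11-03T13:00:00 ws-19 POST https://discord.com/api/webhooks/000000000000/PLACEHOLDER_TOKEN",
]

def parse_line(line):
    """Return (timestamp, host, method, url) or None for unparseable lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, host, method, url = m.groups()
    return datetime.fromisoformat(ts), host, method, url

def find_exfil_chains(lines, window=timedelta(minutes=10)):
    """Return (host, upload_time, webhook_time) for every GoFile upload that is
    followed within `window` by a Discord webhook POST from the same host."""
    uploads, hits = {}, []
    for ts, host, method, url in filter(None, map(parse_line, lines)):
        if method in ("POST", "PUT") and GOFILE_UPLOAD.search(url):
            uploads.setdefault(host, []).append(ts)
        elif method == "POST" and DISCORD_WEBHOOK.search(url):
            for up in uploads.get(host, []):
                if timedelta(0) <= ts - up <= window:
                    hits.append((host, up, ts))
                    break
    return hits

if __name__ == "__main__":
    for host, up, hook in find_exfil_chains(SAMPLE_LOGS):
        print(f"{host}: GoFile upload {up.isoformat()} -> webhook {hook.isoformat()}")
```

Requiring both stages from one host keeps ordinary Discord webhook traffic from legitimate integrations out of the alert; the window and endpoint patterns should be tuned to the environment.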

Defense Evasion Techniques

RedTiger incorporates defense evasion features: it terminates its own processes when it identifies specific usernames or hardware commonly associated with security monitoring tools. This tactic enhances its stealth and operational longevity.

Data Targets of RedTiger

The malware focuses on sensitive Discord account information, browser-stored data, and cryptocurrency wallet details. Operational techniques include direct interaction with Discord's Application Programming Interface (API) to capture critical user information and financial data.

Conclusion

Overall, RedTiger showcases the ongoing risk posed by infostealers in the gaming community. As the tool continues to evolve, organizations must adopt comprehensive strategies to detect and mitigate these threats. This summary reflects a timely and factual analysis of RedTiger as detailed in the original blog post.