A Look at a Novel Discord Phishing Attack
ID: b585d4ad-abb9-5d68-bee3-a0df14275e1b
STIX ID: report--b585d4ad-abb9-5d68-bee3-a0df14275e1b
Feed Name: Binary Defense Blog
Binary Defense ARC Labs documents MalenuStealer, a recently observed infostealer campaign in which attackers use compromised Discord accounts to distribute a faux “game”: an encrypted, password-protected RAR archive that unpacks to a self-extracting installer. The installer runs an Electron-wrapped, obfuscated JavaScript stealer that kills browser and messenger processes, harvests data, and exfiltrates it in a ZIP archive named after the machine. Researchers performed dynamic analysis, identified behavioral TTPs (including Chromium remote-debugging usage and taskkill behavior), and published hunting queries and detections.
