Saved February 14, 2026
Do you care about this?
RedTiger is a new malware designed to steal data from Discord users, particularly targeting French gamers. It captures authentication tokens, payment information, and can even access webcams. The malware operates stealthily, evading detection and maintaining access even if passwords are changed.
If you do, here's more
RedTiger is a new malware targeting gamers on Discord, particularly focusing on French users. It was developed as an open-source Python tool for security testing, and cybercriminals have repurposed it to steal sensitive information. The malware primarily targets Discord accounts and browser databases, extracting authentication tokens, usernames, emails, and payment information saved within the app. It can also capture data from various sources, including browsers, cryptocurrency wallets, game files, and even webcam images.
Once installed on a device, RedTiger operates in two stages. First, it collects stolen data, compresses it, and uploads it to a file-sharing site called GoFile. Simultaneously, it alerts the attacker via a Discord webhook, providing a download link and key information about the victim's system. The malware employs sophisticated evasion techniques, shutting down when it detects security tools and flooding the system with random files and processes to obscure its activity. It also has a persistence mechanism, ensuring it runs automatically on startup across different operating systems, although its functionality on Linux and macOS is not fully realized yet.
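A detection sketch for the two-stage behaviour described above, added here as an example and not taken from the article or from RedTiger itself: it flags hosts in web-proxy logs where a POST to GoFile and a POST to a Discord webhook fall within a short window. The log format, host and process names, URL paths and the two-minute window are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample lines; assumed format: timestamp host process method url
SAMPLE_LOG = """\
2026-02-10T14:02:11 PC-ALICE chrome.exe GET https://gofile.io/d/EXAMPLE
2026-02-10T14:05:40 PC-BOB update_helper.exe POST https://store1.gofile.io/upload
2026-02-10T14:05:43 PC-BOB update_helper.exe POST https://discord.com/api/webhooks/0/PLACEHOLDER
2026-02-10T15:30:00 PC-CAROL Discord.exe POST https://discord.com/api/v9/channels/0/messages
2026-02-10T16:00:00 PC-DAVE backup.exe POST https://store1.gofile.io/upload
2026-02-10T18:45:00 PC-DAVE notifier.exe POST https://discord.com/api/webhooks/0/PLACEHOLDER
"""

DISCORD_HOSTS = {"discord.com", "discordapp.com"}

def classify(method, url):
    """Return 'upload', 'webhook' or None for one proxied request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if method.upper() != "POST":
        return None
    if host == "gofile.io" or host.endswith(".gofile.io"):
        return "upload"
    if host in DISCORD_HOSTS and parts.path.startswith("/api/webhooks/"):
        return "webhook"
    return None

def find_exfil_pairs(log_text, window=timedelta(minutes=2)):
    """List (host, process, upload_time) where both stages fall within window."""
    events = {}  # host -> [(time, kind, process)]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        ts, host, proc, method, url = fields
        kind = classify(method, url)
        if kind:
            events.setdefault(host, []).append((datetime.fromisoformat(ts), kind, proc))
    alerts = []
    for host, evs in events.items():
        hooks = [t for t, kind, _ in evs if kind == "webhook"]
        for t, kind, proc in evs:
            if kind == "upload" and any(abs(h - t) <= window for h in hooks):
                alerts.append((host, proc, t.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in find_exfil_pairs(SAMPLE_LOG):
        print("possible RedTiger-style exfiltration:", alert)
```

Correlating on host rather than on a single request keeps ordinary GoFile downloads and normal Discord client traffic out of the results; only the paired upload and webhook call raise an alert.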
Experts highlight that RedTiger exemplifies a trend where legitimate tools are misused for malicious purposes. Mayank Kumar from DeepTempo emphasizes the importance of multi-factor authentication (MFA) to protect against credential theft. Analysts warn users to be cautious about downloading software from unverified sources to avoid falling victim to these types of attacks.