Hackers are now using the popular chat app Discord to find potential victims and infect their computers with dangerous information-stealing malware.

According to a new blog post from cybersecurity firm Trend Micro, hackers are now exploiting Discord's content delivery network (CDN) to host and spread the "Lumma Stealer" malware. At the same time, they are using the chat app's API to create bots that can communicate with and remotely control the malware.

First detected last August, Lumma Stealer is a malware written in C that steals user names, passwords, and other sensitive data from infected PCs. The malware is currently leased by its creator to other hackers as Malware-as-a-Service for $250 per month. However, with Lumma Stealer's highest-priced plan, hackers have access to the malware's source code and can modify it to make it more suitable for attacks.

Lumma Stealer was previously used to target YouTube users through spear-phishing emails, but Trend Micro security researchers have observed a new campaign targeting Discord users using this malware strain

The best gaining user is the one who is the most active on Discord.

Whether you use Discord to play games with friends on your best gaming PC or have children who often use this popular chat app with friends at home, this new Lumma Stealer campaign is one you cannot ignore.

The hackers behind this campaign typically use random Discord accounts to send direct messages to potential victims in order to avoid detection. However, since a compromised Discord account is also used for this purpose, it is possible that a message from one of your friends could be from a hacker.

However, regardless of which type of Discord account is used to contact you, the messages sent by the hackers behind this campaign remain the same. Basically, they are reaching out to potential victims and asking for their cooperation on a project in the name of having it tested. For your time, you will be paid $10 through PayPal or sent a Discord Nitro Boost that allows you to purchase special perks and features for a particular server.

According to the hackers, young gamers are likely to fall for this scam, as it takes only four to five minutes to test a project and leave a review. However, before testing can begin, the hacker sends a malicious link that downloads an installation file containing the Lumma Stealer malware.

Once executed, the malware attempts to steal not only funds from crypto wallets, but also sensitive data such as usernames and passwords stored in the victim's browser. With your credentials in hand, the hackers behind this new Lumma Stealer campaign can take over your accounts, commit fraud, and potentially steal your identity.

For this particular Lumma Stealer campaign, Trend Micro recommends that all Discord users be aware of unexpected or unsolicited direct messages from unknown senders.

As with emails, you should avoid opening links or downloading attachments from unknown senders that arrive in Discord's message center. However, be aware that opening links that appear on public Discord servers may direct you to phishing sites or other dangerous sites.

Use the best antivirus software to protect your PC from malware and other online threats. However, if your budget is limited, Windows Defender is Microsoft's free antivirus that comes preinstalled on all Windows PCs.

As with Facebook and other popular online services, hackers will likely continue to exploit Discord and its features in their attacks. Therefore, one should remain vigilant online and avoid clicking on suspicious links or downloading files from people they do not know personally.