KurayStealer is an injurious threat that targets Discord users and aims to obtain sensitive information from the infected systems. According to researchers, KurayStealer was created using a simple malware builder that was advertised by a Discord user going as 'Portu.' In addition, the author of the threat has taken liberal inspiration and actual code from other similar password stealers. However, if deployed successfully, the effectiveness of KurayStealer allows it to harvest passwords, tokens, IP addresses, and additional data from popular products, such as Discord, Chrome, Microsoft Edge and 18 other applications.
When it is first executed, the stealer will check if its operators are running the free version or the paid (VIP) one. Its next step is to detect the extended version of Discord known as BetterDiscord, which offers expanded functionality for developers. KurayStealer will then substitute the 'api/webhooks' string with 'Kisses.' Doing so, allows the attackers to set up their own webhooks. Webhooks are a mechanism through which Web pages and applications can transmit real-time data to each other via HTTP. This transfer of data can be carried out automatically, without first needing a request from the recipient. The data obtained by KurayStealer will be sent to the attackers via created webhooks.