URGENT UPDATE: A new wave of malware, known as VVS Stealer, has emerged, specifically targeting Discord users by exploiting fake error messages. Security experts from Palo Alto Networks have confirmed that this Python-based threat has been active since at least April 2025, posing a significant risk to millions of gamers and online users.
VVS Stealer operates by presenting victims with a deceptive “Fatal Error” message, tricking them into rebooting their systems. Once activated, the malware modifies Discord files and downloads malicious scripts directly into app folders, granting attackers access to private messages, billing information, and even the ability to intercept login credentials.
What makes VVS Stealer particularly dangerous is its capacity to infiltrate not only Discord but also popular web browsers like Chrome, Edge, Brave, and Opera. It stealthily steals saved passwords, cookies, and autofill data, while simultaneously taking screenshots of the victim’s desktop. The stolen information is compiled into a file named USERNAME_vault.zip and transmitted to hackers using webhooks, disguised under a standard Chrome User-Agent string to evade detection.
This malware isn’t merely a one-off attack; it’s marketed like a subscription service on Telegram, with prices ranging from €10 for a week to €199 for a lifetime license. Researchers believe a French-speaking individual, along with associates known as Rly and 93R, is behind this operation, with Rly having a long-standing presence on Discord and GitHub since 2015.
VVS Stealer is programmed to remain active until October 31, 2026, making it an urgent threat that users must be aware of. If you encounter a strange error message, do not restart your computer immediately; it could be a ploy by VVS Stealer to infiltrate your system.
Stay vigilant and protect your accounts. Share this news to alert others in your network before it’s too late.
