A large scale cybercrime campaign targeting Discord users in Pakistan has compromised thousands of accounts through a fake MrBeast themed cryptocurrency giveaway scam. Reports emerging from local Discord communities indicate that the operation has affected a significant number of users, although the exact number of compromised accounts remains unconfirmed. The campaign has caused serious disruption for online communities, with one reported incident involving a hijacked account being used to delete an entire Discord server, permanently removing messages, media files, and community records, forcing members to rebuild the server from scratch.
The scam typically spreads through direct messages sent from already compromised Discord accounts. Victims receive messages that appear to come from trusted friends, claiming they have won thousands of dollars in free credits on a gambling or cryptocurrency platform. These messages often include fabricated screenshots featuring the name and image of popular YouTube creator MrBeast to create a sense of legitimacy. Recipients are directed to fraudulent crypto or casino websites that promise large rewards but require users to pay verification fees, VIP upgrade charges, or other payments before claiming their winnings. Those who make the payments receive nothing in return.
Cybersecurity researchers note that many victims never interact with the fraudulent websites at all. Instead, their Discord accounts are compromised through infostealer malware that silently infects their computers. The malware is commonly distributed through cracked software, pirated applications, gaming cheats, modified game files, and fake verification downloads. Research from threat intelligence firm Flare found that gaming cheats and pirated software account for 55 percent of all infostealer infections, highlighting how cybercriminals frequently disguise malware as software users intentionally seek. Once installed, the malware collects browser passwords, autofill information, authentication tokens, and session cookies. These cookies allow attackers to access active Discord sessions without requiring passwords or additional authentication, effectively bypassing traditional security controls. Security researchers from DarkOwl describe stolen session cookies as one of the most valuable components within modern stealer logs because they provide direct access to online accounts and services without triggering login verification processes.
The campaign reflects a broader global rise in infostealer activity. According to SOCRadar’s Identity Threat Landscape Report 2026, stealer log datasets analyzed this year contain more than 4.6 billion records impacting approximately 809 million unique users worldwide. The third quarter of 2025 alone produced 1.19 billion stolen records, marking the highest quarterly figure recorded to date. Separate industry research estimates that infostealers were responsible for stealing 1.8 billion credentials globally during 2025. SOCRadar also identified Pakistan, alongside Egypt and Vietnam, as countries sharing risk characteristics that make them attractive targets for cybercriminal groups distributing infostealer malware. Investigators explain that the operation is driven by an organized cybercrime ecosystem in which malware developers offer Infostealer tools through Malware as a Service subscriptions that can cost as little as $100 per month. Criminal groups distribute the malware through compromised downloads and game modifications, while automated systems use stolen Discord accounts to send fraudulent giveaway messages to entire friend lists, expanding the infection cycle. Researchers have also observed stolen credentials appearing for sale on dark web marketplaces and Telegram channels within as little as 48 hours after infection.
The scam has expanded beyond Discord and now leverages multiple social media platforms. Research conducted by cybersecurity firm Vanishinbox documented fake MrBeast giveaways promoted through YouTube advertisements featuring AI generated deepfake video and audio. Similar content has also appeared on TikTok and Instagram Reels, where short form videos impersonate the creator to attract victims. Researchers believe these tactics have become more effective because advances in artificial intelligence allow cybercriminals to closely replicate the voice and appearance of well known personalities while distributing scams through trusted accounts rather than obvious bot profiles. Security experts recommend avoiding cracked software, pirated applications, and game cheats from untrusted sources, using dedicated password managers instead of storing credentials directly in web browsers, and deploying reputable security software capable of detecting malware and suspicious browser activity. Users whose Discord accounts begin sending unsolicited messages or displaying unusual behavior are advised to treat the activity as a confirmed compromise and take immediate action to secure their systems and online accounts.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
