MrBeast Discord Scam hits Pakistan as hackers use fake giveaways to steal data
Why this matters: local context for readers following news across Pakistan and the region.
ISLAMABAD – If you open Discord today and see a message claiming you have won thousands of dollars through Mr Beast giveaway, you need to be alert, as behind the promise of easy money lies a sophisticated cyber scam that is now spreading across the world, including Pakistan, stealing accounts, passwords and sensitive personal data from unsuspecting users. The scam begins with messages sent from Discord accounts. Users get messages that they have won thousands of dollars in rewards, credits or giveaways allegedly associated with MrBeast, one of the world’s most recognizable online personalities. To make the claims appear legitimate, scammers use fabricated screenshots carrying MrBeast’s name, image and branding. Victims are then redirected to fraudulent websites where they are asked to pay processing fees, taxes or VIP upgrade charges before claiming the promised rewards. Experts said the campaign poses risks beyond financial fraud. The operation is also being used to spread information-stealing malware designed to collect browser data, saved passwords and account credentials from infected devices. The malware targets authentication cookies stored in web browsers. Once obtained, these cookies can allow attackers to gain access to accounts without entering passwords, enabling unauthorized access through already active user sessions. Even two-factor authentication (2FA) may not always prevent account compromise if attackers successfully hijack a victim’s authenticated session. The campaign is part of a broader cybercriminal ecosystem in which malware developers create and sell malicious tools to other threat actors. These tools are commonly distributed through cracked software, pirated applications, gaming cheats and downloads from unverified sources. Stolen credentials and session data are often aggregated into databases and sold to other cybercriminals, creating opportunities for further fraud and account takeovers. Cybersecurity experts urged users to avoid sto