Vortex is a specialized Discord malware and token stealer detection platform built from the ground up to identify malicious token stealers with surgical precision. Unlike traditional antivirus solutions that flag everything suspicious, Vortex uses dynamic behavioral analysis to distinguish between legitimate tools (game cheats, mods, trainers) and actual Discord token theft malware.
THIS IS NOT A TOKEN STEALER. IT DETECTS THEM.

Traditional Antivirus:
- Flags game cheats as malware
- High false positive rate
- Generic threat detection
- No Discord-specific analysis
- Pattern-based only

Vortex Detection Engine:
- Ignores legitimate game tools
- ~2% false positive rate
- Token stealer specialized
- Discord behavior profiling
- Multi-layer dynamic analysis

Analyst Track (Reputation) | Hunter Track (Detections)
Three Rankings
Real-time global standings with automatic badge awards on milestone completion.
Earn Points By:
Track your impact on the global threat database.

| Method | What It Does | When Used |
|---|---|---|
| Static Analysis | Examines file without execution | All files |
| YARA Rules | Pattern matching for known stealer signatures | Executables |
| CAPA | Capability detection (registry, network, Discord paths) | PE files |
| VirusTotal | Cross-reference with 70+ antivirus engines | New files |
| Hybrid Analysis | Cloud-based behavioral sandbox | Suspicious files |
| Dynamic Sandbox | Controlled execution monitoring | High-risk files |
| AI Verdict | Machine learning final decision | All scans |
RAR/ZIP → Scan archive integrity first
↓
If SAFE → Extract and scan contents individually
↓
If SUSPICIOUS → Flag without extraction (prevents payload detonation)
- Supported formats: EXE, DLL, RAR, ZIP, 7Z, TAR, GZ, and 40+ more file types
- Hash tracking: Every file hash saved to global database
- Duplicate detection: Instant results for previously scanned files
Vortex DETECTS stealers; it is NOT one itself.
However, to perform dynamic behavioral analysis (Sandbox method), Vortex must execute files in a controlled environment. This is why you MUST use a VM.

Required Setup (MANDATORY):
- Environment: Virtual Machine (VMware/VirtualBox)
- Discord App: MSI App Player with FAKE account
- Token: Use throwaway/burner Discord account
- Network: Isolated or monitored VM network
- Snapshot: Create VM snapshot before scanning

DO NOT:
- Run on your main system
- Use real Discord account in VM
- Scan files with real token logged in
- Ignore VM setup instructions
- Share config.json (contains API keys)

When Vortex runs Sandbox analysis, it executes the file to observe behavior. If the file IS a token stealer and you're running Vortex on your main machine with your real Discord account logged in, the stealer WILL steal your token.
VM Setup Guide: Complete VM Configuration Instructions
1. Download Vortex.exe from official sources
2. Set up VM with Discord (fake account)
3. Run Vortex.exe inside VM
4. Create account (no VPN during registration)
5. Configure API keys (VirusTotal, Hybrid Analysis, OpenRouter)
6. Start scanning files

```mermaid
graph TD
    A[Upload File] --> B{File in Database?}
    B -->|Yes| C[Instant Result<br/>Free: 1 credit<br/>Premium: 0 credits]
    B -->|No| D[7-Layer Analysis Begins]
    D --> E[Layer 1: Static Analysis]
    E --> F[Layer 2: YARA Scanning]
    F --> G[Layer 3: CAPA Detection]
    G --> H[Layer 4: VirusTotal Cross-Ref]
    H --> I[Layer 5: Hybrid Analysis]
    I --> J{High Risk?}
    J -->|Yes| K[Layer 6: Sandbox Execution]
    J -->|No| L[Layer 7: AI Verdict]
    K --> L
    L --> M[Final Verdict + Hash Storage]
    M --> N{Stealer Detected?}
    N -->|Yes| O[THREAT - Badge +1 Detection]
    N -->|No| P[SAFE - Badge +1 Reputation]
```
- Game cheats and trainers (unless they contain token stealers)
- Modded clients for games
- Automation tools
- Cracked software (malware-free)
- Custom executables without Discord theft behavior
Vortex won't flag your GTA V mod menu or Valorant skin changer, unless they're hiding a token stealer.

What Vortex Collects

Account:
- Username (changeable)
- Hardware ID (device binding)
- IP address (registration + anti-VPN)

Scans:
- File hash (SHA-256)
- Scan timestamp
- Verdict result
- Layer outputs (anonymous)

What Vortex Protects

Security:
- API keys encrypted locally
- Hardware-locked accounts
- VPN allowed post-registration
- No file content stored
- Debugger = instant ban

Files:
- Only hash stored permanently
- Metadata for analysis
- No file re-distribution

| Topic | Where to Ask |
|---|---|
| Setup Issues | Discord Server → #support |
| False Positive Report | GitHub Issues |
| Feature Requests | Discord Server → #suggestions |
| Account Problems | Discord DM to @blaze0089 |
This tool is designed for:
- ✅ Analyzing files you own or have permission to scan
- ✅ Educational and research purposes
- ✅ Personal device security auditing
- ✅ Community threat intelligence sharing

This tool is NOT for:
- ❌ Scanning files without authorization
- ❌ Reverse engineering proprietary software
- ❌ Distributing or sharing malware samples
- ❌ Bypassing anti-cheat or DRM systems

The creator is not responsible for misuse. Use responsibly and legally.
Is Vortex itself a token stealer?
NO. Vortex detects token stealers; it is not one. However, it executes files in a Sandbox to analyze behavior, which is why you must use a VM with a fake Discord account.
Why do I need to run Discord with a fake account?
Vortex monitors Discord process behavior during Sandbox analysis. If the scanned file attempts to interact with Discord (token theft, webhook injection, etc.), Vortex catches it. Use a burner/fake account so if a file IS malicious, it steals a worthless token.
Will my game cheats be flagged?
No, unless they contain token-stealing functionality. Vortex is trained to ignore legitimate game modifications, trainers, and cheats. Traditional AVs flag these; Vortex doesn't.
Can I get banned for using Vortex?
Discord cannot detect Vortex usage. However, attaching a debugger to Vortex results in an instant permanent account ban (no appeal).
How are duplicates handled?
If a file's hash exists in the database:
- Free users: Still uses 1 daily scan credit
- Premium users: Costs 0 credits, instant result
What happens if I scan a RAR/ZIP?
Step 1: Vortex scans the archive container itself
Step 2: If SAFE → Extract and scan each file inside
Step 3: If SUSPICIOUS → Flag immediately without extraction
This prevents accidental execution of packed malware payloads.
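
The duplicate lookup and the container-first archive flow described above, sketched as an added example (this is not Vortex's own code, which is closed source). The ZIP-only scope, the three container heuristics, `MAX_RATIO`, and every function name are assumptions made for illustration; the sample archives are constructed in memory.

```python
import hashlib, io, zipfile

MAX_RATIO = 100  # assumed zip-bomb threshold for this example, not a Vortex value

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def triage_zip(data: bytes) -> list:
    """Inspect the container's directory only; nothing is written to disk or run."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP container"]
    reasons = []
    for info in zf.infolist():
        parts = info.filename.replace("\\", "/").split("/")
        if info.filename.startswith("/") or ".." in parts:
            reasons.append(f"path traversal name: {info.filename}")
        if info.flag_bits & 0x1:  # bit 0 = member is encrypted
            reasons.append(f"encrypted member: {info.filename}")
        if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
            reasons.append(f"compression ratio too high: {info.filename}")
    return reasons

def scan_archive(data: bytes, db: dict) -> dict:
    """db maps SHA-256 -> stored result; a hit returns without re-analysis."""
    digest = sha256(data)
    if digest in db:
        return {**db[digest], "cached": True}
    reasons = triage_zip(data)
    members = []
    if not reasons:  # SAFE container: read members in memory for individual scans
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [(i.filename, sha256(zf.read(i)))
                       for i in zf.infolist() if not i.is_dir()]
    db[digest] = {"sha256": digest, "reasons": reasons, "members": members,
                  "verdict": "SUSPICIOUS" if reasons else "SAFE"}
    return {**db[digest], "cached": False}

def make_zip(entries: dict) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A `SAFE` verdict here covers the container only; each entry in `members` still has to go through the per-file analysis layers.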
Analysis Engine: Python 3.11+
Static Analysis: YARA, CAPA, PEfile
Dynamic Analysis: Custom Sandbox (Windows VM)
AI/ML Engine: OpenRouter API (Claude/GPT models)
Cross-Reference: VirusTotal API, Hybrid Analysis API
Database: PostgreSQL (hash storage)
Frontend: Custom GUI (Electron-based)
Backend: FastAPI + WebSockets
| Feature | Status | ETA |
|---|---|---|
| Linux Support | Planned | Q2 2025 |
| macOS Support | Planned | Q3 2025 |
| Browser Extension Scanning | Planned | Q2 2025 |
| Mobile App (Android/iOS) | Considering | TBD |
| Custom YARA Rule Upload | Considering | TBD |
| Public API Access | Premium Only | Q4 2025 |
Built by: blaze0089
Powered by: VirusTotal, Hybrid Analysis, OpenRouter, YARA, CAPA
Community: Discord Server Contributors
Special thanks to everyone who reported false positives and helped improve detection accuracy.
Proprietary Software - All Rights Reserved
This is closed-source commercial software. The executable is provided for personal use under the terms outlined in the Guide Site.
- ✅ Personal use allowed
- ✅ Scanning your own files
- ❌ Redistribution prohibited
- ❌ Reverse engineering prohibited (instant ban)
- ❌ Commercial use without license