Someone tried to DM me malware on Discord pretending it was a "game" they wanted my feedback on. It's a credential stealer that posts its results on Discord using webhooks. Found the webhooks and reported them. I could also delete the webhooks, too, since I have the auth tokens, but I think that might tip off the script kiddy. They also left their GitHub username embedded in their malware, so I know who they are, too.
Reminds me of the early days of credential-stealing malware. Their FTP login details were in plain sight. After I had a look around and saw banking details I called my bank and spoke to one of their security folks. It mysteriously disappeared soon after; I didn't get the impression the skiddie covered their tracks very well.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!