R-94456
This looks like a specific discord credential stealer. One scanner calls it Python/DiscordBot.FF another one PYC/Stealer.A.gen!Camelot
The concerning thing is, this is out in the open. Indexed for months now. Even some comments talking about how something is fishy with the description. Why did those commentors not report the fake game? It is of course a horror game, as Itch is a hotspot for people trying out indie horror games.
It also begs the question, why the scanners used by Itch does not catch those things. Oh, I can explain it logically, but emotionally it is outrageous. There is no regular manual review of uploaders or uploaded content and the automatic process might be good, but not good enough. (Oh, I guess they just upload 100 malware and if 5 get indexed they know what the scanners will not recognise. It would be trivial if you think about it. I have also seen malware that did not get recognises at all on that internet scanner that uses 70 different scanners).
Anyways please make the situation better. It is heart breaking to see all those hacked accounts every week, which proves, people do fall for the scams.
And for anyone recognising a scam, please do report it. Itch is abused by scammers all night and day and if no one reports the scams, they will not get removed. My oldest seen scam was two years in the open.
You should give priority to reports from sources that made valid reports in the past. Reports are rare, as seen in the example above. Other people saw that the fake game was suspicous, two even commented. But how many reports did you get on this?
Same as you should deprioritze reports from sources that made invalid reports in the past, to declutter the things staff has to do.
Oh, and there is a "new" method of scamming. It is unattached blog posts with a link to malware on the bottom. Those are harder to report, because there is no report button. Those blog posts are not even searchable. But they do get listed in regular search engines and look somewhat legit, since they are hosted on Itch. Request 219519 has some of those, since it is hard to report them, as blog posts have no report button.