A new multi-function Python RAT has been discovered targeting gamers through Minecraft. The malware, posing as a legitimate Minecraft client called 'Nursultan Client', uses the Telegram Bot API for command and control. It has capabilities including screenshot capture, webcam access, Discord token theft, and URL opening on victim machines. The malware attempts to persist on Windows systems but has flaws in its implementation. It specifically targets Discord authentication tokens and performs system reconnaissance. The use of Telegram for C2 and the focus on gamers suggests a Malware-as-a-Service model, with the author likely selling customized versions to other threat actors.