
Discord Malware: How to Identify and Remove ‘AnarchyGrabber3’ Malware

There’s a new piece of malware making the rounds on Discord. Called “AnarchyGrabber3,” the software logs you out of the app and captures your Discord credentials (email, login name, and password) when you try to log back in. Hackers have updated the AnarchyGrabber trojan to a new version that is capable of stealing passwords and user tokens. It also disables 2FA and spreads malware to a victim’s friends.

Everyone’s favorite voice chat app is being targeted by a problematic trojan that steals passwords from users and then spreads that same malware to a victim’s friends as well. Discord is generally an easy-to-use, free voice and text chat app that’s easy to set up and use with friends. It’s also customizable with plugins, bots, and more. Users can set up their own servers or join pre-existing ones. But this latest threat shows how important it is to be cautious when using the program.

Bleeping Computer reports that a trojan known as AnarchyGrabber is not only stealing users’ passwords, but also automatically disabling two-factor authentication. It then attempts to trick other users into downloading the malware as well. The trojan is initially pitched to users as either a game cheat, hacking tool, copyrighted software, or some other digital treat. Once Discord users fall for the trick, the real nightmares begin.

Passwords snatched by the AnarchyGrabber trojan are acquired as plain text and uploaded to the attacker’s servers. This trojan only needs to run once. It is difficult for antivirus software to detect and combat.

Avoiding Discord Malware AnarchyGrabber3 is Easy

If there’s any good news to be had from this malware, it is that uninstalling and reinstalling Discord eliminates it. The malware doesn’t hook into your system. It only modifies Discord’s configuration to load malicious JavaScript when you launch it. Reinstalling Discord will remove this malware’s tweaked settings. You’re free!

How to Check if your Discord is Compromised

If you are concerned that you may be infected, you can open the %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file with Notepad and make sure there are no modifications to the file. A normal, unmodified file will have the following single line in it:

module.exports = require('./core.asar');

Anything beyond that likely suggests you’ve been compromised. Fortunately, you can remove the trojan by uninstalling and reinstalling Discord. Then we’d highly recommend updating your passwords, especially if you’ve reused your Discord password elsewhere.
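The same check can be scripted so that every installed version folder is inspected at once. The Python below is an added example, not code from Discord or from the original article; the function names and the sample tree built in demo() (version folders 0.0.1 and 0.0.2, the extra line) are constructed for illustration.

```python
import os
import sys
import tempfile
from pathlib import Path

# The single line the article says an unmodified index.js contains.
EXPECTED = "module.exports = require('./core.asar');"

def extra_lines(text):
    """Return every non-blank line that is not the expected loader line."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    return [ln for ln in lines if ln and ln != EXPECTED]

def scan(discord_dir):
    """Check index.js under every version folder; map path -> findings."""
    report = {}
    pattern = "*/modules/discord_desktop_core/index.js"
    for path in sorted(Path(discord_dir).glob(pattern)):
        text = path.read_text(encoding="utf-8", errors="replace")
        extras = extra_lines(text)
        # A file with the loader line missing is also not the stock file.
        if EXPECTED not in text:
            extras.append("<expected loader line missing>")
        report[str(path)] = extras
    return report

def demo():
    """Run the scan over a constructed tree: one stock file, one altered."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "0.0.1": EXPECTED + "\r\n",  # constructed: stock file
        "0.0.2": EXPECTED + "\nrequire('./constructed_extra.js');\n",
    }
    for version, body in samples.items():
        target = root / version / "modules" / "discord_desktop_core"
        target.mkdir(parents=True)
        (target / "index.js").write_bytes(body.encode("utf-8"))
    return {Path(p).parts[-4]: found for p, found in scan(root).items()}

if __name__ == "__main__":
    # Default location from the article; pass another folder as argv[1].
    base = sys.argv[1] if len(sys.argv) > 1 else os.path.join(
        os.environ.get("APPDATA", ""), "Discord")
    for path, found in scan(base).items():
        print("MODIFIED" if found else "ok", path)
        for line in found:
            print("   unexpected:", line)
```

Any path reported as MODIFIED should be treated as described above: reinstall Discord and change the account password.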

How to Avoid Discord Malware AnarchyGrabber3 in the First Place

Since AnarchyGrabber3 typically spreads through malicious downloads, the golden rules still apply on Discord. If someone sends you a link and you weren’t expecting it, or it looks fishy, don’t click on it. If an image looks like it’s a link to, say, a video, make sure you’ve taken a peek at the tiny text below the “video name,” which will tell you if you’re actually about to download a file. (The download icon in the graphic’s upper-right corner should also be a big clue.)

And, as always, don’t run files that appeared on your system (from a mistaken download). Don’t save and run files from people you don’t know. Don’t download anything you didn’t ask for, and be extremely wary when you’re going out soliciting for hacks/cheats/cracks/whatever, because that tiny little file you get over Discord could very well be malware.

