The newest version of AnarchyGrabber is even more sophisticated and capable of doing far more damage than its predecessors. This new variant can steal passwords and user tokens, disable 2FA, and even spread malware to the victims' friends and family.
Distributed for free across hacker forums and also found in YouTube videos that explain how to steal Discord user tokens, AnarchyGrabber targets Discord, a VoIP application and digital distribution platform. The Trojan is distributed on Discord, disguised as a hacking tool, game cheat, or copyrighted software. Once installed, it alters the Discord client's JavaScript files, turning the client itself into malware that steals the victim's Discord user tokens.
Hustle at the backend.
The new, modified version of AnarchyGrabber can steal the victim's plain-text password and even command the client to spread the malware to the victim's friends and loved ones. With these stolen passwords, cybercriminals can mount a credential stuffing attack against other digital accounts the victim owns. The malware tweaks the Discord client's files so that they load JavaScript files added by AnarchyGrabber3.
When Discord starts, it loads a file named inject.js, which in turn loads another malicious JavaScript file, discord.js, into the client. The malicious file logs the user out and prompts them to log in to their account again. Once the victim takes the bait, the modified Discord client disables 2FA on their account and sends the user's email address, user token, login name, plain-text password, and IP address to a Discord channel controlled by the attacker. This malware can also easily be used to spread other malware to people who are digitally in touch with the victim.
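Because the infection leaves no process-level footprint and lives entirely in the client's JavaScript files, one practical check is to look for the two file names the write-up identifies. The following Python scanner is an added example (not from the article or from eScan): it walks a Discord client install directory and flags inject.js and discord.js, whether dropped as files or pulled in by a require/import from an existing client script. The directory layout and the tampered index.js it builds are constructed sample data; point scan_client_js at the real install path to use it.

```python
import os
import re
import tempfile
from pathlib import Path

# File names taken from the write-up: the tampered client loads inject.js,
# which in turn loads discord.js. Neither belongs in a clean client install.
SUSPECT_NAMES = ("inject.js", "discord.js")
# Matches require('x'), import('x') and import ... from 'x' (constructed regex)
LOAD_PATTERN = re.compile(
    r"""(?:require\s*\(\s*|import\s*\(\s*|import\s+[^'"]*?from\s+)['"]([^'"]+)['"]""")

def scan_client_js(root):
    """Walk a Discord client directory; return (relative_path, reason) findings.
    reason is "dropped-file" when the file name itself is suspect, or
    "loads:<name>" when an existing client script requires/imports one.
    Note: discord.js is also a legitimate npm library name, so review a hit
    on it rather than treating it as proof of infection."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.js")):
        rel = path.relative_to(root).as_posix()
        if path.name in SUSPECT_NAMES:
            findings.append((rel, "dropped-file"))
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for target in LOAD_PATTERN.findall(text):
            base = os.path.basename(target)
            if base in SUSPECT_NAMES:
                findings.append((rel, "loads:" + base))
    return findings

def build_sample_tree():
    """Constructed sample only: a throwaway tree imitating a tampered client.
    The module directory names are placeholders, not Discord's real layout."""
    root = Path(tempfile.mkdtemp(prefix="discord-scan-"))
    core = root / "modules" / "core_module"
    core.mkdir(parents=True)
    # Tampered loader: the second require() is the line the malware adds
    (core / "index.js").write_text(
        "module.exports = require('./core.asar');\nrequire('./inject.js');\n")
    (core / "inject.js").write_text("require('./discord.js');\n")
    (core / "discord.js").write_text("// payload placeholder\n")
    other = root / "modules" / "other_module"
    other.mkdir()
    (other / "index.js").write_text("module.exports = require('./utils.node');\n")
    return root
```

Any finding should be followed by the removal the article describes (uninstall and reinstall the client), since the flagged script is the one the client executes at every start.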
Impact of the AnarchyGrabber
- Gaming applications like Discord have become a target for cybercriminals deploying information-stealing malware like AnarchyGrabber because of their massive user base.
- Since it leaves no footprint of malicious activity for an antivirus to detect, affected users find it difficult to notice the malicious activity running in the background.
- The malware can be repurposed by any threat actors to target other popular apps as well.
Getting Rid of the AnarchyGrabber.
The malware highlights the perils of reusing the same password across multiple digital accounts. AnarchyGrabber doesn't hook into the system; it only alters Discord's configuration so that the client launches a malicious JavaScript file when the user starts it. The only way to remove it in case of infection is to uninstall the Discord client and reinstall it.
To read more, please check eScan Blog