There is a new version of Anarchy Grabber which steals users passwords, tokens, disable 2FA And can spread to other users (If they install it).
AnarchyGrabber is a popular trojan that is commonly spread for free on hacker forums and within YouTube videos that explain how to steal Discord user tokens.
Attackers then distribute the trojan on Discord, where they pretend it’s a game cheat, hacking tool, or copyrighted software.
Once the program is installed it will maliciously change javascriot files to turn it into a malware that steals the users token. Once the attacker has the users token they are able to log into their account.
The program AnarchyGrabber was updated a few weeks ago to a new version AnarchyGrabber3 this program contains new features can pose a great threat to users.
An attacker can also steal a victim’s plain text password and send the malicious program to a victim’s friends.
How does it work?
When installed, AnarchyGrabber3 will modify the Discord client’s
The malicious scripts will then log the user out of the Discord client and prompt them to log in.
Once a victim logs in, the edited Discord client will try to disable 2FA on the account. The client then uses a Discord webhook to send the user’s email address, login name, user token, plain text password, and IP address to a Discord channel which the attacker has access to
When connected to the Discord, the modified client will also listen for commands sent by the attacker. One of these commands tells hacked Discord clients to send a message to all of the logged in account’s friends that contain malware they wish to spread.
The worst thing about this malware is that most people won’t even know they are infected until it is too late.
After the AnarchyGrabber3 file is run and modifies the Discord client files, It will never run again.
This means that, there is no malicious process for your antivirus software to detect, the infected user will continue to be part of the botnet whenever they connect to Discord.
How do I check to see if I am infected?
Luckily there is an easy way to check to see if your discord client is infected.
%AppData%\Discord\[version]\modules\discord_desktop_core\index.js with Notepad and make sure there are no modifications to the files.
A normal, unmodified file will have the following in it
module.exports = require('./core.asar');
if there is anything else in this file then your discord is infected. The only way to remove the malware is to uninstall your discord and reinstall it.
That’s about it for this blog post. As always if you enjoy my content you can support me by becoming a patreon Here This allows me to make blogging a full-time job and gives me more time to blog as I do not need to get a part-time job. When you become a patreon you unlock perks such as premium support, Custom roles in the discord, Access to bot code and much more. I would highly suggest checking it out.
Thanks for your support Bencey