Discord is wildly popular with gamers, and its wide community base also makes it a popular target for hackers. A new version of AnarchyGrabber is reportedly back on the platform, targeting its users once again.
Forbes noted that Discord has 250 million users, and an average of 15 million are actively online daily. This data makes a cybercriminal’s eye twitch.
A known lurking threat to Discord is AnarchyGrabber. This malware is said to be a “token stealer” and targets users’ credentials.
This week, MalwareHunterTeam reportedly found a new version of the malware, which can now “steal unencrypted passwords and send them back to the attacker.”
How does AnarchyGrabber work?
Aside from being able to steal passwords, this type of trojan can disable two-factor authentication and can even target its victims’ friends on Discord, hacking them as well.
But how is AnarchyGrabber distributed? Through a purchased “game cheat” or “pirated software.” Once the user runs the purchased content, the trojan can then modify the Discord client’s JavaScript files.
Once the affected user logs in to Discord, the modified client loads “inject.js” from a 4n4rchy folder, which launches “discordmod.js” on the chat platform. This reportedly logs the user out, and the user is then prompted to log back in.
With this, the malware will now be capable of disabling the two-factor authentication. After that, the token stealing and credential nabbing begins.
How dangerous can it be?
Well, for one, 2FA is the most trusted verification process that many sites use. If this is compromised, then all other sites are in grave danger.
It also has the capability to spread from one user to another, as the trojan can pose as the affected user and send a message. Of course, a trusting user will then open the message, which unknowingly contains the trojan.
It’s hard to detect AnarchyGrabber as it allegedly doesn’t stay on the user’s system. It also doesn’t run again after it modifies the Discord content files.
To check, Bleeping Computer suggests opening this file in Notepad and searching for “module.exports”:
%AppData%\Discord\[version]\modules\discord_desktop_core\index.js.
The unmodified file will reportedly have a single line saying “module.exports = require('./core.asar');”
If it contains more than a single line, then the Discord application is indeed affected by AnarchyGrabber.
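The manual check above can also be scripted. The following is an added example, not code from Bleeping Computer or Discord: it finds every index.js under the path given above and lists any line other than the expected one. Accepting either quote style and an optional semicolon is an assumption, as are the constructed sample files and version folder names used when %AppData% is not set.

```python
import os
import re
import tempfile
from pathlib import Path

# The single line the article says an unmodified index.js contains.
# Accepting either quote style and an optional semicolon is an assumption.
EXPECTED = re.compile(r"""^module\.exports\s*=\s*require\((['"])\./core\.asar\1\);?$""")

def unexpected_lines(text):
    """Return the non-blank lines that are not the expected single line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    extra = [ln for ln in lines if not EXPECTED.match(ln)]
    if len(lines) - len(extra) != 1:  # expected line missing or repeated
        extra.append("<expected line count is not exactly one>")
    return extra

def scan(appdata):
    """Map each installed version's index.js to its unexpected lines."""
    results = {}
    pattern = "*/modules/discord_desktop_core/index.js"
    for path in sorted((Path(appdata) / "Discord").glob(pattern)):
        text = path.read_text(encoding="utf-8-sig", errors="replace")
        results[str(path)] = unexpected_lines(text)
    return results

def build_constructed_tree(root):
    """Create a constructed fake %AppData%: one stock file, one altered file."""
    samples = {
        "0.0.1": "module.exports = require('./core.asar');\n",
        "0.0.2": "module.exports = require('./core.asar');\n"
                 "require('./constructed_extra.js'); // stand-in for added code\n",
    }
    for version, body in samples.items():
        d = Path(root) / "Discord" / version / "modules" / "discord_desktop_core"
        d.mkdir(parents=True)
        (d / "index.js").write_text(body, encoding="utf-8")

if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    with tempfile.TemporaryDirectory() as tmp:
        if not appdata:  # not on Windows: run against the constructed tree
            build_constructed_tree(tmp)
            appdata = tmp
        for path, extra in scan(appdata).items():
            print("MODIFIED" if extra else "OK", path)
            for line in extra:
                print("    unexpected:", line[:120])
```

A file reported as MODIFIED should be treated as described in this article.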
Unfortunately, the only solution to this is to do a clean install of the chat platform—which means there’s a need to uninstall Discord and download an installer from its official website.
Gamers are advised to use the internet with extreme caution, as cybercrime is very prominent these days.
Images courtesy of Mika Baumeister, Florian Olivo/Unsplash