Fake Discord software could steal your account, infect your PC
AnarchyGrabber malware used to steal Discord user accounts
Malware targeting Discord user accounts has been discovered by security researchers.
Uncovered by MalwareHunterTeam, the new variant of the AnarchyGrabber malware modifies Discord client files in order to evade detection and steal user accounts every time someone logs into the popular chat service.
The malware is distributed on hacking forums and through YouTube videos; once executed, it steals the user token of the Discord user currently logged in. The stolen tokens are then uploaded to a Discord channel under the attacker's control, where they can be collected and used to log in as the victim.
The original version of AnarchyGrabber comes in the form of an executable that can easily be detected by security software and only has the ability to steal tokens while it is running.
However, a newer version of the malware has been altered to avoid detection and establish persistence on a user's machine.
AnarchyGrabber2
In an effort to make it more difficult for antivirus software to detect the malware and to offer persistence, a hacker has updated AnarchyGrabber to modify the JavaScript files used by the Discord client to inject its code every time it runs.
The new version of the malware has been dubbed AnarchyGrabber2 and, when executed, it modifies Discord's index.js file to inject JavaScript written by the malware's developer.
These changes allow the malware to run additional malicious JavaScript files every time a user opens Discord. Once a user who has AnarchyGrabber2 running on their system logs into Discord, the injected scripts use a webhook to post the victim's user token to the attacker's Discord channel, along with the message “Brought to you by The Anarchy Token Grabber”.
Unfortunately, even if the original malware executable is deleted, the client files remain modified. Security software has a hard time detecting these client modifications, which allows the injected code to remain on a user's machine without them knowing that their account is being stolen.
Until Discord adds client integrity checking to its software, Discord accounts will continue to be at risk from AnarchyGrabber2 and other malware that modifies client files.
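The kind of client integrity check the article says is missing, as an added example that is not part of the article or of Discord's software: it records a SHA-256 baseline of an application's JavaScript files, then reports files that were modified or added since the baseline and any script that contains a Discord webhook URL (the exfiltration channel described above). The directory layout, the file contents and the webhook indicator are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile

# Constructed detection indicator: a Discord webhook URL embedded in a client
# script, the channel the article says stolen tokens are posted to.
WEBHOOK_RE = re.compile(r"https?://(?:\w+\.)?discord(?:app)?\.com/api/webhooks/\d+/", re.I)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map every .js file under root (path relative to root) to its SHA-256."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".js"):
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return baseline

def verify(root, baseline):
    """Return sorted (finding, relpath) pairs: scripts missing or changed since
    the baseline, scripts added since the baseline, and scripts containing a webhook URL."""
    current = build_baseline(root)
    findings = set()
    for rel, digest in baseline.items():
        if rel not in current:
            findings.add(("missing", rel))
        elif current[rel] != digest:
            findings.add(("modified", rel))
    for rel in current:
        if rel not in baseline:
            findings.add(("unexpected", rel))
        with open(os.path.join(root, rel), encoding="utf-8", errors="ignore") as f:
            if WEBHOOK_RE.search(f.read()):
                findings.add(("webhook_url", rel))
    return sorted(findings)

def demo():
    """Constructed scenario: baseline a clean entry script, then apply the change the
    article describes (a require() of a dropped file that posts to a webhook)."""
    root = tempfile.mkdtemp()
    entry = os.path.join(root, "index.js")
    with open(entry, "w") as f:
        f.write("module.exports = require('./core');\n")  # constructed clean content
    baseline = build_baseline(root)
    assert verify(root, baseline) == []  # clean tree verifies with no findings
    with open(entry, "a") as f:
        f.write("require('./inject.js');\n")  # entry point now loads a dropped file
    with open(os.path.join(root, "inject.js"), "w") as f:
        f.write("const hook = 'https://discord.com/api/webhooks/000/PLACEHOLDER';\n")
    return verify(root, baseline)
```

In practice the baseline is taken from a freshly installed client and stored outside the application directory, so that malware which rewrites the client files cannot also rewrite the record they are checked against.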
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.