AnarchyGrabber Grabbing Discord User Tokens

The new updated version of the AnarchyGrabber trojan can steal passwords and user tokens, disable 2FA, and spread malware to a victim's friends.

The grabber is here

  • AnarchyGrabber is distributed as a freebie on hacker forums and also found in YouTube videos that explain ways to nab user tokens of Discord, a VoIP application, and a digital distribution platform.
  • The trojan is distributed on Discord, pretending to be a hacking tool, game cheat, or copyrighted software.
  • Once installed, the previous versions of AnarchyGrabber alter the Discord client's JavaScript files converting them into malware to steal a victim’s Discord user token.

There’s a lot more going on in the backend

  • The modified version, AnarchyGrabber3, can steal victims’ plain text passwords and command them to spread malware to their friends on Discord.
  • Using the stolen plain text passwords, cybercriminals can conduct credential stuffing attacks to undermine victims’ accounts on other sites.
  • Once installed, the malware tweaks the Discord client’s file to stack the JavaScript files added by AnarchyGrabber3.
  • When Discord is started, it loads a file named inject.js, which further loads another spiteful javascript file called discordmod.js into the client. The malicious scripts log out the user from the Discord client and prompt them to log in.
  • Once a victim logs in, the modified Discord client disables 2FA on their account, and sends the user's email address, user token, login name, plain text password, and IP address to a Discord channel under the attacker's control.
  • The attacker can easily distribute AnarchyGrabber3 to more targets or spread other types of malware.

How to get rid of AnarchyGrabber3?

The malware underlines the dangers of reusing passwords across multiple accounts. AnarchyGrabber3 doesn’t hook into your system. It only alters Discord’s configuration to load malicious javascript once you launch it. If you are infected, the only way to abolish AnarchyGrabber3 is to uninstall the Discord client and re-install it.

Impact of AnarchyGrabber

  • Due to its massive userbase of over 250 million users, gaming apps like Discord have become a target for hackers deploying information-stealing malware such as AnarchyGrabber.
  • Since it does not leave any malicious process for antivirus software to detect, users affected by the malware can find it difficult to notice the malicious activity going on in the background.
  • It is likely that a malware like AnarchyGrabber3 could be repurposed by hacker groups to target other poplar apps as well.

Other threats facing Discord users

  • In October 2019, CBS News reported that cybercriminals are using private groups on Discord to run retail shops that sell illicit products, including stolen credit card numbers, cracked customer accounts for Delta Air Lines and Hilton Hotels, as well as malware that can be used to infect computer networks.
  • In August 2017, Trend Micro observed hackers abusing a vulnerability in Discord to target the players of ROBLOX, a popular game with over 178 million registered accounts and more than 12 million monthly active users.
  • Besides, Discord has also been used as a distribution channel by fraudsters to peddle fake game apps to facilitate real-money laundering through online game currencies.