The updated version of the AnarchyGrabber trojan can steal passwords and user tokens, disable 2FA, and spread malware to a victim's friends.
The grabber is here
- AnarchyGrabber is distributed as a freebie on hacker forums and is also found in YouTube videos that explain ways to nab user tokens for Discord, a VoIP application and digital distribution platform.
- The trojan is distributed on Discord, pretending to be a hacking tool, game cheat, or copyrighted software.
There’s a lot more going on in the backend
- The modified version, AnarchyGrabber3, can steal victims’ plain text passwords and command infected clients to spread malware to the victims’ friends on Discord.
- Using the stolen plain text passwords, cybercriminals can conduct credential stuffing attacks to compromise victims’ accounts on other sites.
- Once a victim logs in, the modified Discord client disables 2FA on their account, and sends the user's email address, user token, login name, plain text password, and IP address to a Discord channel under the attacker's control.
- The attacker can easily distribute AnarchyGrabber3 to more targets or spread other types of malware.
How to get rid of AnarchyGrabber3?
Impact of AnarchyGrabber
- Due to its massive userbase of over 250 million users, Discord, like other gaming apps, has become a target for hackers deploying information-stealing malware such as AnarchyGrabber.
- Since it does not leave any malicious process for antivirus software to detect, users affected by the malware can find it difficult to notice the malicious activity going on in the background.
- It is likely that malware like AnarchyGrabber3 could be repurposed by hacker groups to target other popular apps as well.
Other threats facing Discord users
- In October 2019, CBS News reported that cybercriminals are using private groups on Discord to run retail shops that sell illicit products, including stolen credit card numbers, cracked customer accounts for Delta Air Lines and Hilton Hotels, as well as malware that can be used to infect computer networks.
- In August 2017, Trend Micro observed hackers abusing a vulnerability in Discord to target the players of ROBLOX, a popular game with over 178 million registered accounts and more than 12 million monthly active users.
- Discord has also been used as a distribution channel by fraudsters to peddle fake game apps to facilitate real-money laundering through online game currencies.