According to recent reports, attackers have updated the AnarchyGrabber trojan so that it can steal passwords and user tokens on the chat platform Discord, spread malware to a victim's friends, and disable 2FA.
This is the second update the trojan has received this year, following one in April that enhanced it to modify Discord client files so it could evade antivirus detection while stealing user accounts.
Hackers update trojan malware AnarchyGrabber 3 to steal passwords on Discord
Reports from Tech Radar state that "AnarchyGrabber is distributed for free on hacking forums and in YouTube videos and the trojan is used by cybercriminals on Discord who claim it is a game cheat, hacking tool or copyrighted software. Instead it modifies the Discord client's JavaScript files to turn it into malware that can steal a victim's Discord user token which is then used by an attacker to log into the popular chat service as the victim."
The newly updated AnarchyGrabber 3 can easily steal a victim's passwords and even give commands to an infected client to spread malware to their Discord friends. Attackers can also use the stolen passwords to compromise the victim's other online accounts.
Once the trojan is installed, it automatically modifies the Discord client's index.js file to load additional JavaScript files: a custom inject.js from a 4n4rchy folder, along with another malicious file called discordmod.js. These scripts log the user out of Discord and then ask them to log back in.
"When a victim logs in, the modified Discord client will try to disable 2FA on their account. The client then uses a Discord webhook to send the user's email address, login name, user token, plain text password, and IP address to a Discord channel controlled by the attacker. The modified client will also listen for commands sent by the attacker once the victim is logged in," Tech Radar added.
These commands can even send messages containing malware to all of the victim's friends.
This particular trojan is very dangerous because it is hard for users to know that they have been infected: the executable does not stay on the user's system once it has finished modifying the Discord client files.
Fortunately, it is easy to check whether your system has been infected with AnarchyGrabber 3 by following the simple steps shared by Tech Radar:
"Simply open Discord's index.js file %AppData%\Discord\[version]\modules\discord_desktop_core with Notepad and look for a single line of code that looks like this: "module.exports = require('./core.asar')". If your client contains no other code, then it likely hasn't been infected with the trojan."
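The manual check above can be scripted across every installed Discord version. The following Python sketch is an added example, not code from Tech Radar or Discord: it assumes the directory layout quoted above, treats any index.js content other than the single loader line as a finding, and also flags the 4n4rchy and discordmod.js names mentioned in this article. The function names are hypothetical.

```python
import os
import re
from pathlib import Path

# The clean loader line quoted in the article.
CLEAN_LINE = "module.exports = require('./core.asar')"
# Folder and file names this article associates with the trojan.
SUSPICIOUS_NAMES = {"4n4rchy", "discordmod.js"}


def normalize(js: str) -> str:
    """Ignore BOM, whitespace, quote style and a trailing semicolon."""
    compact = re.sub(r"\s+", "", js.lstrip("\ufeff"))
    return compact.rstrip(";").replace('"', "'")


def check_discord(root: Path) -> list[str]:
    """Return findings for every Discord version directory under root."""
    findings = []
    # Layout assumed from the article: <root>\<version>\modules\discord_desktop_core\index.js
    loaders = sorted(root.glob("*/modules/discord_desktop_core/index.js"))
    for index_js in loaders:
        text = index_js.read_text(encoding="utf-8", errors="replace")
        # Anything beyond the single loader line (even a comment) is reported,
        # so a finding means "inspect this file", not "confirmed infection".
        if normalize(text) != normalize(CLEAN_LINE):
            findings.append(f"modified loader: {index_js}")
    # Name-based sweep for the artifacts named in the article.
    for path in sorted(root.rglob("*")):
        if path.name.lower() in SUSPICIOUS_NAMES:
            findings.append(f"suspicious name: {path}")
    return findings


if __name__ == "__main__":
    discord_root = Path(os.environ.get("APPDATA", "")) / "Discord"
    results = check_discord(discord_root)
    print("\n".join(results) if results else "no indicators found")
```

An empty result only means these specific indicators were not present under that directory.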