Expert On AnarchyGrabber Trojan Update Stealing Discord Clients Passwords

Hackers have updated the AnarchyGrabber trojan to a new version which is capable of stealing passwords and user tokens, disabling 2FA and spreading malware to a victim’s friends as well.

AnarchyGrabber is distributed for free on hacking forums and in YouTube videos, and the trojan is used by cybercriminals on Discord who claim it is a game cheat, hacking tool or copyrighted software. Instead, it modifies the Discord client’s JavaScript files to turn the client into malware that can steal a victim’s Discord user token, which an attacker then uses to log into the popular chat service as the victim.

Experts Comments

May 29, 2020
Dr. Muhammad Malik
Editor-in-Chief
Information Security Buzz
This popular Trojan malware has been updated by hackers to modify the chat platform Discord client’s %AppData%\m\Discord\[version]\modules\discord_desktop_core\index.js file upon successful installation, and this will give the malware the ability to load JavaScript files. The updated AnarchyGrabber trojan has the capability to steal passwords and user tokens on this popular chat platform, spreading all kinds of malware to a victim’s friends and disabling 2FA as well. The user can check if they are infected by opening the %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file and confirming it ONLY contains this code: “module.exports = require('./core.asar');”. If any other code is present, the user is infected. In this case the user should uninstall the Discord client from the machine, run endpoint protection tools such as anti-virus and install the updated version of the Discord client. It is best security practice to download the software from the official vendor website.
May 27, 2020
Michael Barragry
Operations Lead and Security Consultant
Edgescan
Although previous versions have been blocked by anti-virus, newer versions appear to have been able to bypass anti-virus signature detection. Clients which have a dependency upon JavaScript are especially attractive targets for attackers given the versatility that JavaScript offers. Registered users should examine the Discord JavaScript index.js file as outlined in the linked article for signs of infection. If infection is found to be present, users should consider their account as good as compromised. Additionally, all users should maintain an up-to-date anti-virus solution as part of their personal security best practice.