Discord-Focused Malware AnarchyGrabber Evolves, Now Attacking Users’ Direct Contacts

News and Analysis
26.05.2020

An updated version of the AnarchyGrabber trojan has begun circulating on the Internet, posing a threat to users of the communication app Discord. The malware is reportedly geared to steal users’ passwords and tokens, disable two-factor authentication (2FA), and even spread the attack to a victim’s contacts, Bleeping Computer reported on May 24.

AnarchyGrabber is a malicious program that specifically targets Discord users. Once installed, the malware is capable of initiating damaging activities on a victim’s computer system, stealing personal data, spying on its victims, and manipulating the system’s processes, among other things.

AnarchyGrabber Continues to Develop, Posing New Threats

The malware has already been around for some time. It mostly affected users’ accounts, transferring the collected tokens to third-party servers, and changed folders on the device. Importantly, the trojan can evade detection because it modifies the app’s JavaScript file and conceals its functions from a user’s antivirus software.

Bad actors distribute AnarchyGrabber on Discord, disguising it as a game cheat, hacking tool, or copyrighted software. Last week, the community detected a new version of the malware dubbed AnarchyGrabber3.

The modified version’s features now enable cybercriminals to steal users’ plain-text passwords and command an infected client to spread the malicious program to a victim’s contacts on Discord.

To achieve this, the malware loads a slew of malicious JavaScript files into the client, which eventually logs the user out of the Discord client. “Once a victim logs in, the modified Discord client will attempt to disable 2FA on their account. The client then uses a Discord webhook to send the user’s email address, login name, user token, plain text password, and IP address to a Discord channel under the attacker’s control,” Bleeping Computer further explained.

The modified client then runs commands received from the attacker. One of those commands orders the modified client to send a message containing the malware to all of the logged-in user’s friends.
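Because the trojan works by changing the client's JavaScript and exfiltrating through a Discord webhook, a defender can look for both signs on disk. The following is an added example, not code from the article or from Bleeping Computer: it compares a client's .js files against a known-good hash snapshot and flags any file that embeds a webhook URL. The directory layout, file names and file contents are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Discord webhook URL shape (discord.com and the older discordapp.com host).
WEBHOOK_RE = re.compile(
    rb"https://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+")


def snapshot(root):
    """Map each .js file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.js")) if p.is_file()}


def audit(root, baseline):
    """Compare the client's JS files with a known-good baseline snapshot."""
    root, current = Path(root), snapshot(root)
    findings = {
        "modified": sorted(f for f in current if f in baseline and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "missing": sorted(f for f in baseline if f not in current),
    }
    # A hard-coded webhook in client code is worth a look regardless of hashes.
    findings["webhook"] = sorted(
        f for f in current if WEBHOOK_RE.search((root / f).read_bytes()))
    return findings


def demo():
    """Constructed sample: a stand-in client directory, then simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        core = Path(tmp, "modules", "core")  # hypothetical layout
        core.mkdir(parents=True)
        (core / "index.js").write_text("module.exports = require('./core');\n")
        (core / "core.js").write_text("exports.start = () => {};\n")
        baseline = snapshot(tmp)  # taken while the install is known-good
        # Simulated tampering: loader edited, extra script dropped beside it.
        (core / "index.js").write_text("require('./extra/inject.js');\n")
        (core / "extra").mkdir()
        (core / "extra" / "inject.js").write_text(
            "const hook = 'https://discord.com/api/webhooks/123456789012345678/EXAMPLE-token_0';\n")
        return audit(tmp, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The baseline has to be captured from a fresh install and refreshed after each legitimate client update, otherwise every update shows up as tampering.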

Communication Apps Fall Victim to Increased Hacker Attacks

Hacker attacks on communication applications have gained traction in recent months given people’s growing demand for staying in touch with friends and relatives amid the coronavirus pandemic.

Most recently, researchers found two new malware files disguised as installers for the communication app Zoom. Once downloaded and installed, one of the malicious files that mimics the Zoom installer sets up a backdoor that enables criminals to initiate malicious processes remotely. The other file installs the so-called Devil Shadow botnet on devices.

Also, earlier in May, a group of cybersecurity researchers detected a severe security vulnerability in Bluetooth-based communication that can potentially enable bad actors to impersonate any Bluetooth master or slave device. The probe showed that during BIAS attacks criminals can obtain all sorts of data, depending on the device that the attacker is impersonating.

Meanwhile, Google is planning to implement end-to-end encryption into its communication app, Google Messages. This will apparently keep third parties from tampering with messages.

Written by Ana Alexandre
