AnarchyGrabber3 Malware Infects Discord to Steal Passwords
The malware sends the user’s email address, login name, user token, plain text password, and IP address to a Discord channel the hackers control. Stolen passwords can be used in brute force credential attacks and password spraying attacks to break into more valuable accounts. That’s why it is important to use 2FA and a password vault to manage unique login credentials for each account you have.
Infected Discord clients let hackers steal plain text passwords and spread AnarchyGrabber3 malware to Discord friends.
Although it is easy to spot and mitigate, this Discord malware is a special nuisance because the AnarchyGrabber code is shared for free online. It is easy to locate, and there are even online tutorials on how to use it.
According to a blog post on Bleeping Computer, “AnarchyGrabber is a popular trojan that is commonly spread for free on hacker forums and within YouTube videos that explain how to steal Discord user tokens. Threat actors then distribute the trojan on Discord, where they pretend it’s a game cheat, hacking tool, or copyrighted software.”
What is Discord?
Discord is a communications application for voice, text, and video. It allows users to stream content in real time. The app is lightweight and easy to use. Discord is popular with gamers, esports, and Twitch streamers. Discord was released in May 2015 on discordapp.com by Hammer & Chisel, a publicly traded company. Google does not own Discord.
The app has about 250 million users with 15 million daily active users.
Does Discord Have Malware?
Discord is not a malicious app in itself but has been used by cybercriminals to spread malware, even before the appearance of AnarchyGrabber.
Is the Discord App Safe?
The Discord app is safe to use, but like all online accounts and apps, security measures should be taken to ensure its safe use. Discord users can enable authenticator apps and two-factor authentication. Be sure to use a unique, hard-to-guess password for the app that is not used anywhere else online. AnarchyGrabber is a password stealer. Any account that shares the same email address as the app is vulnerable to hacking if the password is stolen by this infostealer or in another compromised account.
How to Check for AnarchyGrabber Discord Malware
If your Discord app is infected with AnarchyGrabber, it’s fairly easy to clean up your computer; no antivirus app is needed. A post on Bleeping Computer details how to spot AnarchyGrabber and clean up your machine.
How to Remove AnarchyGrabber Malware
- Log in to your Windows machine
- For your user account on Windows, go to %AppData%\Discord\[version]\modules\discord_desktop_core\
- Open the file called index.js in a text editor. I use SciTE but you can use Notepad, which comes with all Windows computers (just go to the magnifying glass icon on your task bar and type “Notepad”)
- Check the file’s contents. A clean index.js contains only this line: module.exports = require('./core.asar');
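
The same check can be scripted. The following is an added example, not code from the original article or from Bleeping Computer; it assumes a clean index.js contains only the single line shown above, and the function names (`normalise`, `check_index_js`, `scan_discord`) are hypothetical.

```python
import os
import sys
from pathlib import Path

# Assumption: a clean index.js holds only this line (compared with whitespace removed).
EXPECTED = "module.exports=require('./core.asar');"


def normalise(text):
    """Drop a BOM and all whitespace, and unify quote characters."""
    text = text.replace("\ufeff", "")
    for quote in '"\u2018\u2019':
        text = text.replace(quote, "'")
    return "".join(text.split())


def check_index_js(path):
    """Return 'clean', 'modified' or 'unreadable' for one index.js file."""
    try:
        content = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return "unreadable"
    return "clean" if normalise(content) == EXPECTED else "modified"


def scan_discord(appdata):
    """Check <appdata>/Discord/<version>/modules/discord_desktop_core/index.js
    for every installed version directory."""
    root = Path(appdata) / "Discord"
    pattern = "*/modules/discord_desktop_core/index.js"
    return {str(p): check_index_js(p) for p in sorted(root.glob(pattern))}


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    if not appdata:
        sys.exit("APPDATA is not set; run this as the Windows user who runs Discord")
    findings = scan_discord(appdata)
    if not findings:
        print("No discord_desktop_core/index.js found under", appdata)
    for path, status in findings.items():
        print(f"{status.upper():10} {path}")
    # Exit non-zero when any file differs from the expected single line.
    sys.exit(1 if any(s != "clean" for s in findings.values()) else 0)
```

Any file reported as MODIFIED should be opened and inspected by hand before reinstalling.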
How to Remove Discord Malware
If your Discord is infected, then the only recourse is to uninstall it and grab a fresh copy from the official download site. In Windows, go to Add/Remove Programs and uninstall the Discord app. Then go to the official Discord website and get a clean download from the official download page.