Discord Client turned into a Password Stealer

WiralTech

Updated on:

Discord

Recently a threat actor turned Discord client into a password stealer by updated malware.

A threat actor updated the AnarchyGrabber trojan that can disable 2FA, steals user tokens and passwords, and spreads malware into the victim’s connections. The new version of AnarchyGrabber is now called as AnarchyGrabber 3.

This new version is more powerful than previous as it can also able to steal plain text passwords and can command an infected client to spread the malware on discord.

Threat actor distributed this trojan on Discord as it’s a game cheat , hacking tool.

Once it is installed into victims client, it will change the Discord javascript files and turn it to steal the password and user token.

At the first AnarchyGrabber3 will modify the Discord client ‘%AppData%\Discord\[version]\modules\discord_desktop_core\index.js‘ file to load the javascript added by malware.

How to check your Discord client is infected?

Open the ‘%AppData%\Discord\[version]\modules\discord_desktop_core\index.js‘ file with any text editor like notepad.

A normal file will have only one following line

module.exports = require('./core.asar');

Other than this line if you see any thing which is not added by you. It is most likely your Discord client is infected.

The only way to get rid of AnarchyGrabber3 is to uninstall and reinstall Discord client again.

For more related content follow us on Twitter, Telegram, Facebook.