AnarchyGrabber Threatens Discord Users' Security by Stealing Passwords, IDs, Tokens
Some malware strains make the headlines as soon as they appear because they are used in high-profile attacks that cause a lot of damage. The AnarchyGrabber trojan isn't one of them. The malware has been distributed for free on hacking forums for a few months now, but it hasn't really caught the attention of mainstream media because, in its original incarnation, it doesn't really represent that much of a threat to most internet users.
Hackers update AnarchyGrabber and include password-stealing capabilities
Last week, researchers from MalwareHunterTeam discovered a new version of AnarchyGrabber. They passed it on to experts from Bleeping Computer, who analyzed it and published a report. It turns out that the hackers have added a few new features to the malware that can turn it into a powerful weapon.
Once again, post-installation, AnarchyGrabber injects some malicious code into one of Discord's JS files. This time, however, the malware isn't after the victim's user token but rather their plaintext password. After the successful installation, AnarchyGrabber logs the victim out of their account and asks them to log back in. The trojan records the email address and password and collects other information like the login name, the user token, and the victim's IP. All this is sent to a Discord channel controlled by AnarchyGrabber's operators. When the user logs in successfully, the trojan also tries to disable two-factor authentication.
AnarchyGrabber's new version is extremely stealthy
We've yet to see whether AnarchyGrabber manages to evade detection by some of the popular anti-malware solutions. What is certain is that if your security product doesn't detect it, you are very unlikely to learn that you've been hit. According to Bleeping Computer, the only way of knowing whether or not AnarchyGrabber has infected your computer is to check Discord's JS files and see if any modifications have been made to them. This isn't good news because, with AnarchyGrabber's new version, your Discord account isn't the only thing that is put at risk.
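One way to automate the check described above is to hash every JS file under the Discord client directory on a known-clean install and compare against that baseline later. This is an added example, not code from the article or from Bleeping Computer's report; the directory and baseline file are supplied by the user, the function names are illustrative, and the demo tree is constructed sample data. It assumes the baseline is re-taken after each legitimate Discord update, since updates also change these files.

```python
import hashlib
import json
import sys
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every .js file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.js")) if p.is_file()}


def compare(baseline, current):
    """Report JS files modified, added or removed since the baseline."""
    return {
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed sample tree (not real Discord files): baseline, change, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "modules").mkdir()
        (root / "modules" / "loader.js").write_text("module.exports = 1;\n")
        (root / "app.js").write_text("console.log('ok');\n")
        baseline = snapshot(root)
        # Simulate a JS file being altered after the baseline was taken.
        with open(root / "modules" / "loader.js", "a") as fh:
            fh.write("// appended by something other than the vendor\n")
        (root / "extra.js").write_text("// new file\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    # Usage: check.py baseline <dir> <file.json>  |  check.py check <dir> <file.json>
    if len(sys.argv) == 4 and sys.argv[1] == "baseline":
        Path(sys.argv[3]).write_text(json.dumps(snapshot(sys.argv[2]), indent=2))
    elif len(sys.argv) == 4 and sys.argv[1] == "check":
        report = compare(json.loads(Path(sys.argv[3]).read_text()), snapshot(sys.argv[2]))
        print(json.dumps(report, indent=2))
        sys.exit(1 if any(report.values()) else 0)  # non-zero exit when anything changed
    else:
        print(json.dumps(demo(), indent=2))
```

Store the baseline file somewhere the Discord client's user account cannot overwrite, otherwise whatever altered the JS files could alter the baseline too.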
Admittedly, the only password AnarchyGrabber steals is the one for the victim's Discord account, but as we all know, password reuse continues to be a problem, and credential stuffing attacks continue to be among the most effective ways of compromising a large number of accounts at many different services.
Up until recently, the people running AnarchyGrabber appeared to be happy with hitting victims' Discord accounts only, but the newly added features suggest that they want to expand their operations now. Users of the communication service should probably bear this in mind.