A new version of the AnarchyGrabber Trojan has been spotted that can be used by
threat actors to steal plain text passwords, disable 2FA and even spread the
malware to the friends added on the account of unaware users with infected
clients.

Previous versions of AnarchyGrabber could be used by threat actors to steal
Discord user token to gain access to victims account. According to a report by
BleepingComputer
[https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/] , AnarchyGrabber has recently been updated with more powerful features.

The malware can modify a JavaScript file of Discord client that will allow it to
load additional files from its own folder. When the malicious files are loaded,
the Discord client is compromised and the victim will be forced to log back into
their account.

After an unaware user logs in, the compromised client will try to disable 2FA.
The malware then proceeds to send credentials like email address, login name,
user token, plain text password, and IP address through a webhook to the threat
actor?s Discord channel.

With 2FA disabled and access to credentials, threat actors can access the
victim?s accounts. Additionally, the plain text passwords can be used in
credential-stuffing attacks on victim?s accounts that are on other platforms.

The infected client can also take commands from threat actors to spread
AnarchyGrabber and other types of malware to the friends added on the
compromised account. This command makes the client send a message to all the
friends added on the account that contains malware.

Bleeping Computeradds that the malware is undetectable by antivirus software as
after it compromises the Discord client, its executable stops running. You can
check if your client is infected with this malware by checking the unmodifiable
JavaScript file located at
%AppData%\Discord\[version]\modules\discord_desktop_core\index.js file, enter
this location in Windows Run.

Open the file in Notepad, and the file should have only this one line
?module.exports = require(?./core.asar?)?. Else, your discord client is infected
and to get rid of the malware, simply uninstall Discord and install it again.

Also Read | A massive database of 8 billion Thai internet records leaks
[http://finary.co/tech/a-massive-database-of-8-billion-thai-internet-records-leaks/]

Also Read | Hackers release a new jailbreak that unlocks every iPhone
[http://finary.co/tech/hackers-release-a-new-jailbreak-that-unlocks-every-iphone/]