Discord Turned Into an Account Stealer by Updated Malware

silversurfer

A new version of the popular AnarchyGrabber Discord malware has been released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service.

AnarchyGrabber is a popular malware distributed on hacking forums and in YouTube videos that steals user tokens for a logged-in Discord user when the malware is executed.

These user tokens are then uploaded back to a Discord channel under the attacker's control where they can be collected and used by the threat actor to log in as their victims.

The original version of the malware is in the form of an executable that is easily detected by security software and only steals tokens while it is running.

To make it harder to detect by antivirus software and to offer persistence, a threat actor has updated the AnarchyGrabber malware so it modifies the JavaScript files used by the Discord client to inject its code every time it runs. [....]
MalwareHunterTeam, who found this new variant and shared it with us, told BleepingComputer that "skids are sharing them everywhere."

What makes these Discord client modifications such a problem is that even if the original malware executable is detected, the client files will be modified already.

As security software does such a poor job detecting these client modifications, the code will stay resident on the machine without the user even knowing their accounts are being stolen.
 

SumTingWong


CyberTech

Same here, it's safe. I don't want to uninstall it, my friends are on there :( I hate when that happens!
 

CyberTech

Ah, I forgot that! Thank you, it's time to uninstall it...
 

blackice

I still don't understand the vector of delivery for these attacks. Is it still malicious links, or chat bombing with malicious code? You could just uninstall and reinstall every time you use it.
 

Protomartyr

@blackice It's basically users installing things they shouldn't.

Threat actors then distribute the trojan on Discord, where they pretend it's a game cheat, hacking tool, or copyrighted software.

Once installed, past versions of the trojan modify the Discord client's JavaScript files to turn it into a malware that would steal a victim's Discord user token.

Using this stolen user token, the attacker can log in to Discord as the victim.
 

Protomartyr

If you're not click happy, then you should be safe.
All the Discord servers I'm in are moderated and vet their members. However, I can see this being a problem in public discords where anyone can join in and are click happy.
 

blackice

> If you're not click happy, then you should be safe.
> All the Discord servers I'm in are moderated and vet their members. However, I can see this being a problem in public discords where anyone can join in and are click happy.

I haven’t had discord installed since it first came out. I didn’t really use it. Definitely seems like a dangerous place for people who like to click links.
 

blackice

> Good to know, but has it been fixed now?
> Haven't used Discord in a while. The last time I used it was for coordinating a guild war in an online game.

Sounds like the answer is no. Discord does not do an integrity check, which is what BleepingComputer keeps recommending. However, you have to get an infected file and execute it to become a victim of this. So it depends on what type of risky behaviors you have.
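
As an added example (not part of any post in this thread, and not Discord's own code), here is one way a user could run the kind of integrity check discussed above themselves: record SHA-256 hashes of the client's JavaScript files after a clean install, then compare later. The directory layout and file names in `demo()` are constructed stand-ins; `client_dir` is whatever folder holds your client's script files.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(client_dir):
    """Map each .js file under client_dir (relative path) to its SHA-256."""
    root = Path(client_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*.js")) if p.is_file()
    }


def save_baseline(client_dir, baseline_path):
    """Record a known-good snapshot, e.g. right after a clean install."""
    Path(baseline_path).write_text(json.dumps(snapshot(client_dir), indent=2))


def compare(client_dir, baseline_path):
    """Return files modified, added or removed since the baseline."""
    old = json.loads(Path(baseline_path).read_text())
    new = snapshot(client_dir)
    return {
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def demo():
    """Constructed demo: a stand-in directory, not a real Discord install."""
    with tempfile.TemporaryDirectory() as tmp:
        client = Path(tmp) / "client"           # hypothetical layout
        (client / "modules").mkdir(parents=True)
        core = client / "modules" / "index.js"  # constructed sample file
        core.write_text("module.exports = {};\n")
        baseline = Path(tmp) / "baseline.json"
        save_baseline(client, baseline)
        clean = compare(client, baseline)
        # Simulate tampering: one line appended, one new script dropped.
        core.write_text(core.read_text() + "// line added after baseline\n")
        (client / "modules" / "extra.js").write_text("// new file\n")
        return clean, compare(client, baseline)


if __name__ == "__main__":
    for label, report in zip(("clean", "tampered"), demo()):
        print(label, report)
```

A legitimate client update also changes these hashes, so the baseline has to be re-recorded after each update, and it should be kept somewhere other software running as the same user is unlikely to overwrite it.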
 
