Home / Tech / News / Hackers update AnarchyGrabber trojan malware to steal Discord tokens, IDs and passwords

Hackers update AnarchyGrabber trojan malware to steal Discord tokens, IDs and passwords

The threat actors then usually spread the Trojan on Discord, posing it to be a game’s cheat, hacking tool or a copyright software. The threat actors then usually spread the Trojan on Discord, posing it to be a game’s cheat, hacking tool or a copyright software.
The threat actors then usually spread the Trojan on Discord, posing it to be a game’s cheat, hacking tool or a copyright software. (Pixabay)

Named AnarchyGrabber3, the Trojan is spread free of cost on hacker forums and on YouTube videos that explain how to steal Discord user tokens.

As per reports, one of the popular Trojan malware has been updated by hackers so that it can steal passwords, user Discord tokens and disables two factor authentication besides spreading to victim’s friends. This is the second update that has reached the Trojan this year after the update it got in April that helped it bypass antivirus software and steal user account details on the Discord chat service. Named AnarchyGrabber3, the Trojan is spread free of cost on hacker forums and on YouTube videos that explain how to steal Discord user tokens, reports Bleeping Computer.

The threat actors then usually spread the Trojan on Discord, posing it to be a game’s cheat, hacking tool or a copyright software. After the updated version of AnarchyGrabber is installed, it reportedly modifies the Discord client's JavaScript files, essentially making it a malware that steals the user’s Discord token.

Also read: Kaspersky: 83% don’t use password managers, more than half unaware if these have been compromised

AnarchyGrabber3, in particular, is said to modify the Discord client's index.js file and load a malicious script called ‘discordmod.js.’ This apparently logs out the user and then asks him/her to log in again. When the victim tries to log in, the malicious script tries to disable the 2FA security layer. This is followed by the use of webhook to extract the user's email ID, login name, user token, plain text password and IP address to a Discord channel that is controlled by the hacker. It can even perform commands given by the attacker, one of which is to send a message to the victim's friends, spreading the Trojan malware even more.

While it is difficult for anyone to recognise if the Discord account has been affected AnarchyGrabber3 right away, there is a way to find out. One can open Discord's index.js file in %AppData%\Discord\[version]\modules\discord_desktop_core with Notepad and check for a line of code that appear like this: “module.exports = require('./core.asar')”. If you can see that, your system is most likely affected.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.