According to recent reports, hackers have updated the AnarchyGrabber trojan so that it can steal passwords and user tokens on the chat platform Discord, disable 2FA, and spread all kinds of malware to a victim's friends.
This is the second update the trojan has received this year, following one in April that enhanced it to modify some Discord client files so that it could evade antivirus detection while stealing user accounts.
Hackers update trojan malware AnarchyGrabber 3 to steal passwords on Discord
The newly updated AnarchyGrabber 3 can easily steal a victim's passwords and even give commands to an infected client to spread malware to the victim's Discord friends. Attackers can also use these stolen passwords to compromise other online accounts.
"When a victim logs in, the modified Discord client will try to disable 2FA on their account. The client then uses a Discord webhook to send the user's email address, login name, user token, plain text password, and IP address to a Discord channel controlled by the attacker. The modified client will also listen for commands sent by the attacker once the victim is logged in," Tech Radar added.
These commands can even send messages that contain malware to all of the victim's friends.
This trojan is particularly dangerous because users will find it hard to know that they have been infected: the executable does not stay on the system once it has finished modifying the Discord client files.
Fortunately, it is easy to check whether your system has been infected with AnarchyGrabber 3 by following the simple steps shared by Tech Radar:
"Simply open Discord's index.js file %AppData%\Discord\[version]\modules\discord_desktop_core with Notepad and look for a single line of code that looks like this: "module.exports = require('./core.asar')". If your client contains no other code, then it likely hasn't been infected with the trojan."
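The check Tech Radar describes can be automated across every installed version folder. The script below is an added example, not code from the article or from Discord; tolerating whitespace differences and a trailing semicolon is an assumption, and the sample files it builds are constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# The single line the article says an unmodified index.js contains.
EXPECTED = "module.exports = require('./core.asar')"

def normalize(text):
    """Remove whitespace and a trailing semicolon (assumed harmless formatting)."""
    return re.sub(r"\s+", "", text).rstrip(";")

def check_index_js(path):
    """Return 'clean' if the file holds only the expected line, else 'modified'."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return "clean" if normalize(text) == normalize(EXPECTED) else "modified"

def scan_discord(discord_dir):
    """Check <version>/modules/discord_desktop_core/index.js for every version."""
    pattern = "*/modules/discord_desktop_core/index.js"
    found = sorted(Path(discord_dir).glob(pattern))
    return {str(p): check_index_js(p) for p in found}

def build_sample(root, version, content):
    """Create a constructed Discord-like folder tree for the demonstration."""
    core = Path(root) / version / "modules" / "discord_desktop_core"
    core.mkdir(parents=True)
    (core / "index.js").write_text(content, encoding="utf-8")

def demo():
    """Scan two constructed installs: one untouched, one with extra code."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, "version-a", EXPECTED + ";\n")
        build_sample(root, "version-b",
                     "const extra = require('./placeholder');\n" + EXPECTED + ";\n")
        return sorted(scan_discord(root).values())

if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")  # set on Windows
    target = Path(appdata) / "Discord" if appdata else None
    if target and target.is_dir():
        for path, verdict in scan_discord(target).items():
            print(f"{verdict:9} {path}")
    else:
        print("No Discord folder found; constructed demo:", demo())
```

A "modified" verdict means the file contains something other than the expected line and should be reviewed by hand; comments alone would also trigger it.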