May 27, 2020 By David Bisson 2 min read

Security researchers observed the “AnarchyGrabber3” malware modifying the Discord client to steal its victims’ plaintext passwords.

As reported by Bleeping Computer, a threat actor released a new version of the AnarchyGrabber malware family called “AnarchyGrabber3.” This Trojan variant modified a Discord client’s %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file upon successful installation so it could load JavaScript files. It first loaded inject.js, a script that then called in discordmod.js. Together, these two scripts logged the victim out of the client and prompted them to reauthenticate themselves.

The modified client preyed upon its victims by attempting to disable two-factor authentication (2FA) on their accounts. It then stole various information from the victim including their login name, email address and even their plaintext password. Simultaneously, the client listened for commands sent by the attacker. One of those orders instructed the client to send a message to a victim account’s friends, thereby helping to spread the malware to even more Discord users.

A Look Back at AnarchyGrabber

The emergence of AnarachyGrabber3 marks the latest development in a still-nascent family of malware. It was back in November 2019 when security researchers such as MalwareHunterTeam first spotted the malware using a Discord webhook to steal victims’ tokens and send them off to its handlers. In April 2020, Bleeping Computer learned of a new variant of the threat that modified the Discord client so that it could evade detection while stealing user accounts.

Defend Against an Infostealing Discord Client

AnarchyGrabber highlights the dangers of users reusing their passwords across multiple accounts. If the malware preyed upon employees who had reused their Discord passwords across multiple sites, for instance, attackers could authenticate themselves on these services and abuse that access to commit identity theft, perpetrate credit fraud or conduct a series of other secondary attacks.

In light of those risks, security professionals should lead the charge in their organizations to discourage users from reusing their passwords. They should leverage ongoing security awareness training to teach the workforce about this security best practice. Simultaneously, teams should augment their employees’ account security by requiring them to activate multifactor authentication (MFA) whenever it’s an available option. Threats such as AnarchyGrabber3 might attempt to disable that layer of protection, but they might not be successful. This feature could also help to safeguard employees’ account access when confronted by less sophisticated threats.

More from

Cybersecurity risks in healthcare are an ongoing crisis

3 min read - While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care.In fact, 88 million individuals have been affected by large breaches of personal health information (PHI), according to the U.S. Department of Health & Human Services. This year, several large healthcare providers have been…

CVE backlog update: The NVD struggles as attackers change tactics

4 min read - In February, the number of vulnerabilities processed and enriched by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) started to slow. By May, 93.4% of new vulnerabilities and 50.8% of known exploited vulnerabilities were still waiting on analysis, according to research from VulnCheck.Three months later, the problem persists. While NIST has a plan to get back on track, the current state of common vulnerabilities and exposures (CVEs) isn't keeping pace with new vulnerability detections. Here's a…

The rising threat of cyberattacks in the restaurant industry

2 min read - The restaurant industry has been hit with a rising number of cyberattacks in the last two years, with major fast-food chains as the primary targets. Here’s a summary of the kinds of attacks to strike this industry and what happened afterward. Data breaches have been a significant issue, with several large restaurant chains experiencing incidents that compromised the sensitive information of both employees and customers. In one notable case, a breach affected 183,000 people, exposing names, Social Security numbers, driver's…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today