Security researchers observed the “AnarchyGrabber3” malware modifying the Discord client to steal its victims’ plaintext passwords.

As reported by Bleeping Computer, a threat actor released a new version of the AnarchyGrabber malware family called “AnarchyGrabber3.” This Trojan variant modified a Discord client’s %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file upon successful installation so it could load JavaScript files. It first loaded inject.js, a script that then called in discordmod.js. Together, these two scripts logged the victim out of the client and prompted them to reauthenticate themselves.

The modified client preyed upon its victims by attempting to disable two-factor authentication (2FA) on their accounts. It then stole various information from the victim including their login name, email address and even their plaintext password. Simultaneously, the client listened for commands sent by the attacker. One of those orders instructed the client to send a message to a victim account’s friends, thereby helping to spread the malware to even more Discord users.

A Look Back at AnarchyGrabber

The emergence of AnarachyGrabber3 marks the latest development in a still-nascent family of malware. It was back in November 2019 when security researchers such as MalwareHunterTeam first spotted the malware using a Discord webhook to steal victims’ tokens and send them off to its handlers. In April 2020, Bleeping Computer learned of a new variant of the threat that modified the Discord client so that it could evade detection while stealing user accounts.

Defend Against an Infostealing Discord Client

AnarchyGrabber highlights the dangers of users reusing their passwords across multiple accounts. If the malware preyed upon employees who had reused their Discord passwords across multiple sites, for instance, attackers could authenticate themselves on these services and abuse that access to commit identity theft, perpetrate credit fraud or conduct a series of other secondary attacks.

In light of those risks, security professionals should lead the charge in their organizations to discourage users from reusing their passwords. They should leverage ongoing security awareness training to teach the workforce about this security best practice. Simultaneously, teams should augment their employees’ account security by requiring them to activate multifactor authentication (MFA) whenever it’s an available option. Threats such as AnarchyGrabber3 might attempt to disable that layer of protection, but they might not be successful. This feature could also help to safeguard employees’ account access when confronted by less sophisticated threats.

More from

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers.A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords for…

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also…

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026. Many security professionals agree that security spending cuts aren’t likely. Given the current threat landscape, strong security has quickly become a business imperative. Security has become the highest…