May 27, 2020 By David Bisson 2 min read

Security researchers observed the “AnarchyGrabber3” malware modifying the Discord client to steal its victims’ plaintext passwords.

As reported by Bleeping Computer, a threat actor released a new version of the AnarchyGrabber malware family called “AnarchyGrabber3.” This Trojan variant modified a Discord client’s %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file upon successful installation so it could load JavaScript files. It first loaded inject.js, a script that then called in discordmod.js. Together, these two scripts logged the victim out of the client and prompted them to reauthenticate themselves.

The modified client preyed upon its victims by attempting to disable two-factor authentication (2FA) on their accounts. It then stole various information from the victim including their login name, email address and even their plaintext password. Simultaneously, the client listened for commands sent by the attacker. One of those orders instructed the client to send a message to a victim account’s friends, thereby helping to spread the malware to even more Discord users.

A Look Back at AnarchyGrabber

The emergence of AnarachyGrabber3 marks the latest development in a still-nascent family of malware. It was back in November 2019 when security researchers such as MalwareHunterTeam first spotted the malware using a Discord webhook to steal victims’ tokens and send them off to its handlers. In April 2020, Bleeping Computer learned of a new variant of the threat that modified the Discord client so that it could evade detection while stealing user accounts.

Defend Against an Infostealing Discord Client

AnarchyGrabber highlights the dangers of users reusing their passwords across multiple accounts. If the malware preyed upon employees who had reused their Discord passwords across multiple sites, for instance, attackers could authenticate themselves on these services and abuse that access to commit identity theft, perpetrate credit fraud or conduct a series of other secondary attacks.

In light of those risks, security professionals should lead the charge in their organizations to discourage users from reusing their passwords. They should leverage ongoing security awareness training to teach the workforce about this security best practice. Simultaneously, teams should augment their employees’ account security by requiring them to activate multifactor authentication (MFA) whenever it’s an available option. Threats such as AnarchyGrabber3 might attempt to disable that layer of protection, but they might not be successful. This feature could also help to safeguard employees’ account access when confronted by less sophisticated threats.

More from

ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers

4 min read - AI has made an impact everywhere else across the tech world, so it should surprise no one that the 2024 ISC2 Cybersecurity Workforce Study saw artificial intelligence (AI) jump into the top five list of security skills.It’s not just the need for workers with security-related AI skills. The Workforce Study also takes a deep dive into how the 16,000 respondents think AI will impact cybersecurity and job roles overall, from changing skills approaches to creating generative AI (gen AI) strategies.Budgets…

Why do software vendors have such deep access into customer systems?

4 min read - To the naked eye, organizations are independent entities trying to make their individual mark on the world. But that was never the reality. Companies rely on other businesses to stay up and running. A grocery store needs its food suppliers; a tech company relies on the business making semiconductors and hardware. No one can go it alone.Today, the software supply chain interconnects companies across a wide range of industries. Software applications and operating systems depend on segments of the software…

How CTEM is providing better cybersecurity resilience for organizations

4 min read - Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution.Cyber threat exposure management (CTEM) is an effective way to achieve this goal. It provides organizations with a reliable framework for identifying, assessing and mitigating new cyber risks as they materialize.The importance of developing cybersecurity resilienceRegardless of the industry, all organizations are subject to certain…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today