INSUBCONTINENT EXCLUSIVE:
A new variant of the AnarchyGrabber malware has been discovered by MalwareHunterTeam which modifies Discord client files in order to evade
detection and steal user accounts every time someone logs into the popular chat service.The malware is distributed on hacking forums and in
YouTube videos to allow cybercriminals to steal user tokens for a logged-in Discord user once it is executed
These user tokens are then uploaded back to a Discord channel under the attacker's control where they can be collected and used to log in as
their victims.The original version of AnarchyGrabber comes in the form of an executable that can easily be detected by security software and
only has the ability to steal tokens while it is running.However, a newer version of the malware has been altered to avoid detection and
establish persistence on a user's machine.In an effort to make it more difficult for antivirus software to detect the malware and to offer
persistence, a hacker has updated AnarchyGrabber to modify the JavaScript files used by the Discord client to inject its code every time it
runs.The new version of the malware has been dubbed AnarchyGrabber2 and when executed, it will modify Discord's index.js file to inject
JavaScript created by its developer.The new changes to the malware allow it to run additional malicious JavaScript files every time a user
Once a user who has the AnarchyGrabber2 running on their system logs into Discord, the scripts will use a webhook to post the victim's user
original malware executable is deleted, the client files will already be modified
Security software has a hard time detecting these client modifications which allows the code to remain on a user's machine without them even
knowing their accounts are being stolen.Until Discord decides to add client integrity into its software, Discord accounts will continue to
be at risk from AnarchyGrabber2 and other malware that modifies client files.Via BleepingComputer
