I have now been hunting malware and suspicious links for over a year and posting them here on the forum and on Discord, so I wanted to share an article I found.
I guess a lot of users are also using Discord, and they should know about this and also how to remove the malware when their PC is infected.
AnarchyGrabber is a popular trojan that is commonly spread for free on hacker forums and within YouTube videos that explain how to steal Discord user tokens.
Threat actors then distribute the trojan on Discord, where they pretend it's a game cheat, hacking tool, update for a wallet or copyrighted software.
This is AnarchyGrabber3, a highly infectious trojan that steals passwords from Discord profiles, disables 2FA and in turn spreads (like a Trojan) through direct messages to the friends list with flashy offers (free paid games, free premium software or even free cryptocurrencies).
This trojan attacks users with the desktop version of Discord.
Once the trojan enters the victim's system, it overwrites the JavaScript file index.js in the Discord client's path and automatically calls the attacker's machine, which can log in to your account and remove all the coins.
How to know if you are infected with the AnarchyGrabber3 Trojan?
You have to go to the path on your hard disk containing the Discord client.
In almost all cases (for Windows users) it is
C:\Users\Your_user\AppData\Roaming\Discord\version\modules\discord_desktop_core
Once there, open the file index.js with an editor.
Check that your file looks like the following picture.
If there are any extra lines of text, your Discord client has probably been compromised by this trojan.
Is there another modified Discord client JavaScript file in there?
This file will then load another malicious JavaScript file called discordmod.js into the client.
The malicious scripts will then log the user out of the Discord client and prompt them to log in.
Once a victim logs in, the modified Discord client will attempt to disable 2FA on their account.
The client then uses a Discord webhook to send the user's email address, login name, user token, plain text password, and IP address to a Discord channel under the attacker's control.
After the AnarchyGrabber3 executable is run and modifies the Discord client files, it does not stay resident or run again.
Therefore, there is no malicious process for antivirus software to detect, and the infected user will continue to be part of the botnet whenever they connect to Discord.
So if there is another line written besides "module.exports = require('./core.asar');", quickly disable your internet connection,
then go to Control Panel - Add or Remove Programs and uninstall Discord completely.
You should run some scans with different antivirus and malware detection software to clean your PC.
After that you can install Discord again or, my personal suggestion, use the browser version of Discord.
How you can get infected
For example: You are in a Discord server channel of a project.
One of the users in the channel gets infected, or the hacker himself is in there, and they send a PM on Discord to every user or to random users, including you.
You normally don't get a PM directly from the infected user, but it can happen too.
Mostly the user you get the PM from has a name like the project's, let's call it Wallet update Bot or something similar.
Source: PM from my Discord
In this PM they say you have to update your wallet or your account or whatever and click the link.
If you click the link and download it or install their files, that's where the magic happens.
You can avoid this if you just delete the PM you got and don't click or download anything you don't know.
Projects don't PM you with updates; they just write their updates in their own project channel.
You don't get infected when you receive the PM.
Article, images and sources used for this thread are from:
https://www.publish0x.com/cryptalk/new-ransomware-attacks-your-discord-account-and-extracts-you-xqokole
https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/
https://cdn.publish0x.com/prod/fs/images/a804cbb676986e45c959f5060270ece10f484a70c83946c089b0c1bb2ebe58af.png
https://cdn.publish0x.com/prod/fs/images/355dbef9f3b5984df03cdb3979a9dc1def0556f205d7f07a138417adb8502e40.png
https://www.bleepstatic.com/images/news/malware/d/discord/anarchygrabber3/4n4rchy-folder.png
https://twitter.com/malwrhunterteam
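
The manual index.js check described in the post can be scripted. This is an added example, not part of the original post or of the linked articles. It assumes, as the post states, that a clean index.js contains only the `module.exports = require('./core.asar');` line and that the Discord folder sits under %APPDATA%; the function names are hypothetical.

```python
import os
import sys
from pathlib import Path

# The only line the post says a clean index.js contains (assumption from the post).
EXPECTED = "module.exports = require('./core.asar');"
# Name of the second-stage script the post describes.
DROPPED_SCRIPT = "discordmod.js"


def unexpected_lines(text):
    """Return (line_number, line) pairs that are not the expected loader line."""
    extra = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip("\ufeff").strip()  # ignore a BOM and surrounding whitespace
        if line and line != EXPECTED:
            extra.append((number, line))
    return extra


def scan_discord(root):
    """Check every <version>/modules/discord_desktop_core folder under root."""
    findings = {}
    for core_dir in sorted(Path(root).glob("*/modules/discord_desktop_core")):
        problems = []
        index_js = core_dir / "index.js"
        if index_js.is_file():
            text = index_js.read_text(encoding="utf-8", errors="replace")
            if EXPECTED not in text:
                problems.append("expected loader line is missing")
            for number, line in unexpected_lines(text):
                problems.append(f"index.js line {number}: {line[:80]}")
        else:
            problems.append("index.js is missing")
        # Any file with the dropped script's name anywhere below the folder.
        for hit in core_dir.rglob(DROPPED_SCRIPT):
            problems.append(f"found {hit.relative_to(core_dir)}")
        if problems:
            findings[str(core_dir)] = problems
    return findings


if __name__ == "__main__":
    default = Path(os.environ.get("APPDATA", "")) / "Discord"
    root = sys.argv[1] if len(sys.argv) > 1 else default
    results = scan_discord(root)
    for folder, problems in results.items():
        print(folder, *problems, sep="\n  - ")
    sys.exit(1 if results else 0)
```

The script only reports. If a folder is flagged, follow the removal steps above; a non-zero exit code makes it usable from a scheduled task.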