How To Identify And Clean ‘AnarchyGrabber3’ Discord Malware

There’s a fairly new piece of malware making the rounds on Discord. Dubbed “AnarchyGrabber3,” the software logs you out of the app and captures your Discord credentials—email, login name, and password—when you try to log back in. To add insult to injury, it even disables your two-factor authentication, if you’ve previously used it to protect your account.

The malware sends this information to a Discord channel that your attacker previously set up to receive it. And, as Bleeping Computer notes, your attacker can also command the malware to message all of your Discord friends with a scammy download link, encouraging them to infect their systems. And that’s it! It’s a fairly undetectable hack, which you’d likely only notice if you can’t log into your Discord account anymore or haven’t been prompted with a 2FA challenge when logging in with a new device, even though you know you previously enabled 2FA.


Avoiding AnarchyGrabber3 is easy

If there’s any good news to be had from this malware—an updated version of a previous (and fairly popular) trojan horse program—it’s that uninstalling and reinstalling Discord eliminates it. The malware doesn’t hook into your system; it only modifies Discord’s configuration to load malicious JavaScript when you launch it. Reinstall Discord and this tweaked setting goes away. You’re free!

Of course, the damage might have already been done at that point. If you suspect you’ve been affected, Bleeping Computer’s Lawrence Abrams advises you to check your Discord configuration files:

“If you are concerned that you may be infected, you can open the %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file with Notepad and make sure there are no modifications to the files.

A normal, unmodified file, will have the following single line in it:

module.exports = require('./core.asar');

If your client has anything else, and you have not intentionally made modifications, your client is most likely infected.”

If so, uninstall and reinstall Discord first. After that, set up two-factor authentication again and change your password to something that you don’t use on any other site or service. And if you have used your now-compromised email/user name and password combination in other places, you’ll want to change those immediately. As always, a password manager is a great way to ensure you’re using unique login credentials and a valuable tool for checking to make sure you haven’t used the same password in multiple places.
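The index.js check quoted above can be scripted with Node.js instead of opening each file in Notepad. This is an added example, not code from Bleeping Computer or Discord; it assumes the directory layout given in the quote, and the function names `classify`, `findIndexFiles` and `scan` are illustrative.

```javascript
// Added example (not Discord's or the article's code). Assumes the layout quoted
// above: %AppData%\Discord\<version>\modules\discord_desktop_core\index.js
const fs = require('fs');
const path = require('path');

// The single line an unmodified index.js is expected to contain.
const EXPECTED = "module.exports = require('./core.asar');";

// 'clean' only when the file is exactly the expected line; surrounding
// whitespace, a BOM and a trailing CRLF are ignored by trim().
function classify(content) {
  return content.trim() === EXPECTED ? 'clean' : 'modified';
}

// Check every version directory rather than guessing which one is current.
function findIndexFiles(discordRoot) {
  if (!fs.existsSync(discordRoot)) return [];
  return fs.readdirSync(discordRoot, { withFileTypes: true })
    .filter((entry) => entry.isDirectory())
    .map((entry) => path.join(discordRoot, entry.name,
      'modules', 'discord_desktop_core', 'index.js'))
    .filter((file) => fs.existsSync(file));
}

// Return one { file, status } record per index.js found under discordRoot.
function scan(discordRoot) {
  return findIndexFiles(discordRoot).map((file) => ({
    file,
    status: classify(fs.readFileSync(file, 'utf8')),
  }));
}

// Runs only where %AppData% is set (Windows).
if (process.env.APPDATA) {
  const results = scan(path.join(process.env.APPDATA, 'Discord'));
  if (results.length === 0) console.log('No discord_desktop_core/index.js found.');
  for (const { file, status } of results) {
    console.log(`${status === 'clean' ? 'OK      ' : 'MODIFIED'}  ${file}`);
  }
}
```

A `MODIFIED` result means the file differs from the expected line, which is the condition the quote says to treat as a likely infection unless you changed the file yourself.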

How to avoid AnarchyGrabber3 in the first place

Since AnarchyGrabber3 typically spreads through malicious downloads, the golden rules still apply on Discord. If someone sends you a link and you weren’t expecting it, or it looks fishy, don’t click on it. If an image looks like it’s a link to, say, a video, make sure you’ve taken a peek at the tiny text below the “video name,” which will tell you if you’re actually about to download a file. (The download icon in the graphic’s upper-right corner should also be a big clue.)

And, as always, don’t run files that appeared on your system (from a mistaken download). Don’t save and run files from people you don’t know. Don’t download anything you didn’t ask for, and be extremely wary when you’re going out soliciting for hacks/cheats/cracks/whatever, because that tiny little file you get over Discord could very well be malware (in a pretty obvious disguise).

