Reports suggest Discord has so far registered 250 million users, around 15 million of them active on any given day, which is the chief reason, among others, why it has become a popular target for cybercriminals, especially during this time of the Covid-19 pandemic.
Discord has one persistent threat that has plagued the service for some time now: AnarchyGrabber. It’s a particularly stealthy trojan that can steal users’ credentials and authentication tokens.
Recently MalwareHunterTeam spotted an updated version of AnarchyGrabber. It can now steal unencrypted passwords and send them back to the attacker. It also actively seeks new victims by targeting a user’s friends on Discord.
The malware, known as Abaddon, begins its work by stealing cookies, credit card details, log-in details, Discord tokens, and other important information, all of which are used to access the accounts of the victim.
The malware is fairly good at avoiding detection, too. AnarchyGrabber works by modifying JavaScript code that the Discord client loads when it starts up. Once that code is modified, the malware itself more or less vanishes.
How To Spot Infection on Discord
Fortunately for Discord users, it’s not hard to spot AnarchyGrabber’s meddling. BleepingComputer points out that a single file holds the key.
On a Windows computer, you’ll find that file here: %AppData%\Discord\[version]\modules\discord_desktop_core\index.js. Open the file with Notepad and search for the text “module.exports”.
If there’s more than a single line in the file, AnarchyGrabber has likely dug in its claws. To clean up the damage, uninstall Discord and reinstall it using the link from the official download page.
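The manual check above can be scripted so that every installed [version] folder is inspected at once. The following is an added example, not code from BleepingComputer or Discord; the function names, the sample file contents and the extra "no module.exports line" rule are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Relative location from the article; "*" stands in for the [version] folder.
INDEX_GLOB = "Discord/*/modules/discord_desktop_core/index.js"

# Constructed samples (not taken from a real installation or malware sample).
CLEAN_SAMPLE = "module.exports = require('./core.asar');\n"
MODIFIED_SAMPLE = CLEAN_SAMPLE + "// constructed stand-in for appended code\nvoid 0;\n"


def classify(text):
    """Apply the article's rule to the contents of index.js.

    Returns (suspicious, reason). Blank lines are ignored so a trailing
    newline does not cause a false alarm.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) > 1:
        return True, f"{len(lines)} non-blank lines, expected 1"
    # Assumption beyond the article: an empty file or a single line without
    # module.exports is also worth a manual look.
    if not lines or "module.exports" not in lines[0]:
        return True, "no module.exports line found"
    return False, "single module.exports line"


def scan(appdata):
    """Check index.js under every installed version; returns {path: (suspicious, reason)}."""
    results = {}
    for path in sorted(Path(appdata).glob(INDEX_GLOB)):
        text = path.read_text(encoding="utf-8", errors="replace")
        results[str(path)] = classify(text)
    return results


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    if appdata is None:
        # Not on Windows: build a constructed tree so the script still runs.
        appdata = tempfile.mkdtemp()
        for version, body in (("0.0.1", CLEAN_SAMPLE), ("0.0.2", MODIFIED_SAMPLE)):
            target = Path(appdata, "Discord", version, "modules", "discord_desktop_core")
            target.mkdir(parents=True)
            (target / "index.js").write_text(body, encoding="utf-8")
    for path, (suspicious, reason) in scan(appdata).items():
        print("SUSPICIOUS" if suspicious else "ok", path, "-", reason)
```

The line count is a heuristic: a flagged file should be opened and read before acting on the result.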