Named AnarchyGrabber3, the Trojan is spread free of cost on hacker forums and on YouTube videos that explain how to steal Discord user tokens.
As per reports, one of the popular Trojan malware has been updated by hackers so that it can steal passwords, user Discord tokens and disables two factor authentication besides spreading to victim’s friends. This is the second update that has reached the Trojan this year after the update it got in April that helped it bypass antivirus software and steal user account details on the Discord chat service. Named AnarchyGrabber3, the Trojan is spread free of cost on hacker forums and on YouTube videos that explain how to steal Discord user tokens, reports Bleeping Computer.
AnarchyGrabber3, in particular, is said to modify the Discord client’s index.js file and load a malicious script called ‘discordmod.js.’ This apparently logs out the user and then asks him/her to log in again. When the victim tries to log in, the malicious script tries to disable the 2FA security layer. This is followed by the use of webhook to extract the user’s email ID, login name, user token, plain text password and IP address to a Discord channel that is controlled by the hacker. It can even perform commands given by the attacker, one of which is to send a message to the victim’s friends, spreading the Trojan malware even more.
While it is difficult for anyone to recognise if the Discord account has been affected AnarchyGrabber3 right away, there is a way to find out. One can open Discord’s index.js file in %AppData%\Discord\[version]\modules\discord_desktop_core with Notepad and check for a line of code that appear like this: “module.exports = require(‘./core.asar’)”. If you can see that, your system is most likely affected.