A popular trojan known as AnarchyGrabber has been updated in a new release that can not only steal passwords from Discord users but also poses a whole slew of new threats. BleepingComputer first alerted us to the new release, AnarchyGrabber3, and how to detect whether your Discord client has been compromised.
Not only can the updated version of AnarchyGrabber3 steal the user’s password, it can also disable the user’s two-factor authentication before attempting to spread the malware to those on the user’s friends list. The password itself is stolen in plain text form, so the attackers can easily see a user’s credentials before attempting to use them to compromise accounts on other services. This is only part of why it’s important not to share the same password you use on other sites.
Once the Discord client has been modified, AnarchyGrabber3 doesn’t run again. This can make it difficult for antivirus software to detect the threat, as there are no active malicious processes to spot. This approach ensures that a victim remains compromised and active as part of the botnet.
So, how can you check whether your Discord client has been compromised with AnarchyGrabber3? Fortunately, there’s an easy way to detect any modifications, and it simply requires the use of Notepad. By navigating to %AppData%\Discord\[version]\modules\discord_desktop_core\index.js and opening it with Notepad, you can see whether the file has been modified. A clean index.js file will only feature a single line of code: module.exports = require('./core.asar');
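The same check can be scripted across every installed Discord version folder. The following PowerShell is an added example, not code from BleepingComputer or Discord; the function name Test-DiscordCoreIndex is hypothetical, and it assumes the clean file matches the single line quoted above exactly, so any file reported as not clean should be opened and reviewed by hand.

```powershell
# Added example: compares each discord_desktop_core\index.js with the single
# clean line quoted in the article. Test-DiscordCoreIndex is a hypothetical name.
function Test-DiscordCoreIndex {
    param(
        # Per-user Discord root; the article gives %AppData%\Discord.
        [string]$DiscordRoot = (Join-Path $env:APPDATA 'Discord')
    )

    # The only statement a clean index.js contains, per the article.
    $expected = "module.exports = require('./core.asar');"

    # [version] in the article's path differs per install, so match every version folder.
    $pattern = Join-Path $DiscordRoot '*\modules\discord_desktop_core\index.js'
    $files = @(Get-ChildItem -Path $pattern -File -ErrorAction SilentlyContinue)

    if ($files.Count -eq 0) {
        Write-Warning "No discord_desktop_core\index.js found under $DiscordRoot"
        return
    }

    foreach ($file in $files) {
        $raw = Get-Content -LiteralPath $file.FullName -Raw
        if ($null -eq $raw) { $raw = '' }   # an empty file is reported as not clean

        # Ignore blank lines and surrounding whitespace; anything else must match exactly.
        $lines = @($raw -split "`r?`n" |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -ne '' })
        $clean = ($lines.Count -eq 1) -and ($lines[0] -ceq $expected)

        [pscustomobject]@{
            Path      = $file.FullName
            Clean     = $clean
            LineCount = $lines.Count          # more than 1 means extra code was added
            Modified  = $file.LastWriteTime   # useful for dating the change
        }
    }
}

Test-DiscordCoreIndex | Format-List
```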
Currently, the only method to remove AnarchyGrabber3 is to uninstall and reinstall the Discord client, thus ensuring a fresh install of its plugins and executable.