Gamers Beware: Stealthy Malware Steals Your Discord Password And Attacks Your Friends
by Lee MathewsIn just five short years, Discord’s popularity with gamers has soared. Today, Discord has 250 million registered users and around 15 million of them active on any given day... which is why it’s become a popular target for cybercriminals.
One persistent threat that has plagued Discord for some time is AnarchyGrabber. It’s a particularly stealthy trojan that can steal users’ credentials and authentication tokens.
MalwareHunterteam spotted an updated version of AnarchyGrabber this week. It can now steal unencrypted passwords and send them back to the attacker. It also actively seeks new victims by targeting a user’s friends on Discord.
The malware is fairly good at avoiding detection, too. AnarchyGrabber works by modifying JavaScript code that the Discord client loads when it starts up. Once that code is modified, the malware itself more or less vanishes.
Making matters worse, its creators have made the AnarchyGrabber code freely available and tutorials are easy to find on streaming video sites. That makes it trivial for even relatively unskilled hackers to launch attacks.
At first glance the potential damage caused by AnarchyGrabber might seem fairly low. There’s more at risk than users getting locked out of their Discord accounts, however.
A single stolen password will continue to have a dangerous ripple effect as long as there are people re-using passwords across different apps and services.
How To Check Discord For Infection
Fortunately for Discord users it’s not hard to spot AnarchyGrabber’s meddling. BleepingComputer points out that a single file holds the key.
On a Windows computer, you’ll find that file here: %AppData%\Discord\[version]\modules\discord_desktop_core\index.js. Open the file with Notepad and search for the text “module.exports.”
If there’s more than a single line in the file, AnarchyGrabber has likely dug in its claws. To clean up the damage, uninstall Discord and reinstall it using the link from the official download page.