{"id":14561,"date":"2020-05-25T00:13:25","date_gmt":"2020-05-24T22:13:25","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14561"},"modified":"2020-05-25T00:13:25","modified_gmt":"2020-05-24T22:13:25","slug":"new-malware-steals-discord-passwords","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/05\/25\/new-malware-steals-discord-passwords\/","title":{"rendered":"New Malware steals Discord Passwords"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/05\/25\/neue-malware-stiehlt-discord-passwrter\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]A brief note for blog readers who use the Discord service: cyber criminals have modified the AnarchyGrabber malware so that it can be used to harvest Discord passwords. A new feature also lets it infect the victim's friends. <\/p>\n<p><!--more--><\/p>\n<h2>What is Discord?<\/h2>\n<p>Discord (also called Discordapp) is an online service for instant messaging, chat, voice and video conferencing that was created mainly for gamers. Discord can be used as a web application or with proprietary client software on all common operating systems. Discord claims to have more than 250 million registered users. <\/p>\n<h2>What is AnarchyGrabber?<\/h2>\n<p>AnarchyGrabber is malware that was developed to steal victims' Discord credentials. AnarchyGrabber is often distributed for free in hacker forums and YouTube videos. Cyber criminals try to spread the Trojan on Discord as a 'cheat for games', a hacking tool or protected software. 
I had already reported on such an approach in the German blog post <a href=\"https:\/\/www.borncity.com\/blog\/2020\/04\/04\/malware-verwandelt-discord-client-in-trojaner\/\" target=\"_blank\" rel=\"noopener noreferrer\">Malware verwandelt Discord-Client in Trojaner<\/a> in early April 2020. <\/p>\n<h2>New Password-Stealer AnarchyGrabber3<\/h2>\n<p>Bleeping Computer reports in the following tweet that cyber criminals are now stealing passwords with the modified AnarchyGrabber3 malware. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Discord client turned into a password stealer by new malware &#8211; <a href=\"https:\/\/twitter.com\/LawrenceAbrams?ref_src=twsrc%5Etfw\">@LawrenceAbrams<\/a> <a href=\"https:\/\/t.co\/d9tVW7PTm3\">https:\/\/t.co\/d9tVW7PTm3<\/a><\/p>\n<p>\u2014 BleepingComputer (@BleepinComputer) <a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1264548763588321285?ref_src=twsrc%5Etfw\">May 24, 2020<\/a><\/p><\/blockquote>\n<p>This is nothing fundamentally new, but the threat actors behind the new malware have modified it so that AnarchyGrabber3 extracts not only passwords in plain text but also tokens. In addition, two-factor authentication is disabled, and the malware can be distributed to the victim's friends via a command. An AnarchyGrabber3 infection can be detected because the content of the Discord client file <\/p>\n<p>%AppData%\\Discord\\Discord\\[version]\\modules\\discord_desktop_core\\index.js <\/p>\n<p>has been modified. The modified file loads other JavaScript files belonging to the malware. For example, an <em>inject.js<\/em> is loaded from the new 4n4rchy folder. 
In the unmodified version of <em>index.js<\/em> there is probably only one statement:<\/p>\n<p>module.exports = require('.\/core.asar');<\/p>\n<p>If other statements are found there, an infection is highly likely. Further details can be found at <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/discord-client-turned-into-a-password-stealer-by-updated-malware\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A brief note for blog readers who use the Discord service: cyber criminals have modified the AnarchyGrabber malware so that it can be used to harvest Discord passwords. A new feature also lets it infect the victim's friends.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[244,69,1544],"class_list":["post-14561","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-malware","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14561"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14561\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14561"},{"taxonomy":"post_tag","embeddable":true,"hr
ef":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}