Popular chat app Discord recently became the target of a common, recently updated trojan called AnarchyGrabber, resulting in the theft of passwords and user tokens. The trojan is spread by threat actors (entities responsible for breaches in company and personal security), who distribute it on Discord claiming that it is game hacking software or pirated software. This leads people to turn off their antivirus temporarily to install what they think is harmless software. Once installed, the trojan steals the user’s account token, which allows the attacker to log in to Discord using the victim’s account. The attacker then has access to all the victim’s private messages and servers.
Passwords and private messages at risk.
The new updates to the trojan allow the attacker to steal the victim’s plain text password and spread the trojan to the victim’s friends list. With the plain text passwords, the attacker can attempt to gain access to the victim’s accounts on other websites. When the malicious software is installed, it forces the user to log out; when they log back in, the modified Discord client uses a webhook to send all the user’s account details to the attacker. The modified Discord client also reacts to commands sent by the attacker. One such command tells all the hacked Discord accounts to spread the malware to all the user’s contacts. Most of the time the victims won’t even know that they have been infected, because once the trojan has run and modified the user’s Discord client, it doesn’t run again. This means that there is no activity for an antivirus to pick up on.
Check if you’re infected or not
To make sure that you have not been infected, open Notepad and then click File -> Open.
Copy and paste the following text into the dialogue box and press open.
Once open, make sure that no modification has been made to the file. An unmodified file should contain a line saying "module.exports = require('./core.asar');". If your file has anything other than this, the only way to remove it is to uninstall Discord entirely and then reinstall it. It is recommended that you then also change your password for Discord and for any other account that uses the same login details. Going forward, it is best to be extra cautious when opening files from anyone on Discord, and to let as many people know about this trojan as you can.
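The same check as a script, as an added example that is not part of the original article: it reads the file at a path you supply on the command line and lists every line other than the one the article says an unmodified file contains. Accepting double quotes and a missing semicolon is an assumption made here, and the sample contents are constructed.

```python
import re
import sys

# The one statement the article says an unmodified file contains.
# Assumption: double quotes and a missing trailing semicolon are also accepted.
EXPECTED = re.compile(
    r"""^module\.exports\s*=\s*require\(\s*(['"])\./core\.asar\1\s*\)\s*;?$"""
)

def check_index_js(text):
    """Return (clean, unexpected_lines) for the contents of the file."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    # splitlines() handles both LF and CRLF; blank lines are ignored.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    unexpected = [ln for ln in lines if not EXPECTED.match(ln)]
    has_expected = any(EXPECTED.match(ln) for ln in lines)
    # Clean only when the expected line is present and nothing else is.
    # An empty file is reported as not clean, with no unexpected lines.
    return (has_expected and not unexpected), unexpected

def check_file(path):
    """Read the file the article tells you to open and check it."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return check_index_js(fh.read())

# Constructed sample contents, for illustration only.
CLEAN_SAMPLE = "module.exports = require('./core.asar');\r\n"
MODIFIED_SAMPLE = (
    "module.exports = require('./core.asar');\n"
    "require('./extra_constructed_module');\n"
)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_discord.py <path to the file from the article>")
    clean, extra = check_file(sys.argv[1])
    if clean:
        print("OK: file contains only the expected line")
    else:
        print("MODIFIED or unreadable: uninstall and reinstall Discord")
        for line in extra:
            # Truncate long lines so injected code does not flood the terminal.
            print("  unexpected:", line[:120])
        sys.exit(1)
```

The script exits with status 1 when the file is not clean, so it can be run from a scheduled task or login script.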