{"id":8870,"date":"2020-05-26T02:08:59","date_gmt":"2020-05-25T23:08:59","guid":{"rendered":"https:\/\/forklog.media\/?p=8870"},"modified":"2020-05-27T00:53:05","modified_gmt":"2020-05-26T21:53:05","slug":"discord-focused-malware-anarchygrabber-evolves-now-attacking-users-direct-contacts","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/discord-focused-malware-anarchygrabber-evolves-now-attacking-users-direct-contacts\/","title":{"rendered":"Discord-Focused Malware AnarchyGrabber Evolves, Now Attacking Users\u2019 Direct Contacts"},"content":{"rendered":"<p>An updated version of the AnarchyGrabber trojan has begun circulating on the Internet, posing a threat to users of the communication app Discord. The malware is reportedly geared to steal users\u2019 passwords and tokens, disable two-factor authentication (2FA), and even spread the attack to a victim\u2019s contacts, Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/discord-client-turned-into-a-password-stealer-by-updated-malware\/\">reported<\/a> on May 24.<\/p>\n<p><!--more--><\/p>\n<p>AnarchyGrabber is a malicious program that specifically targets Discord users. Once installed, the malware is capable of initiating damaging activities on a victim\u2019s computer system, stealing personal data, spying on its victims, and manipulating the system\u2019s processes, among other things.<\/p>\n<h2><b>AnarchyGrabber Continues to Develop, Posing New Threats<\/b><\/h2>\n<p>The malware has already been around for some time and has mostly <a href=\"https:\/\/iandroid.eu\/anarchygrabber\/\">affected<\/a> users\u2019 account main points, transferring the collected tokens to third-party servers and changing device folders. 
Importantly, the trojan can evade detection, as it modifies the app\u2019s JavaScript file and conceals its functions from a user\u2019s antivirus software.<\/p>\n<p>Bad actors distribute AnarchyGrabber on Discord, disguising it as a game cheat, hacking tool, or copyrighted software. Last week, the community detected a new version of the malware, dubbed AnarchyGrabber3.<\/p>\n<p>The modified version\u2019s features now enable cybercriminals to steal users\u2019 plain text passwords and command an infected client to spread the malicious program to a victim\u2019s contacts on Discord.<\/p>\n<p>To achieve this, the malware loads a slew of malicious JavaScript files into the client, which eventually logs the user out of the Discord client. \u201cOnce a victim logs in, the modified Discord client will attempt to disable 2FA on their account. The client then uses a Discord webhook to send the user&#8217;s email address, login name, user token, plain text password, and IP address to a Discord channel under the attacker&#8217;s control,\u201d Bleeping Computer further explained.<\/p>\n<p>The modified client then runs commands received from the attacker, one of which orders the modified client to send a message containing malware to all of the logged-in user\u2019s friends.<\/p>\n<h2><b>Communication Apps Fall Victim to Increased Hacker Attacks<\/b><\/h2>\n<p>Hacker attacks on communication applications have gained traction in recent months, given people\u2019s growing demand for staying in touch with friends and relatives amid the coronavirus pandemic.<\/p>\n<p>Most recently, researchers <a href=\"https:\/\/forklog.com\/en\/zoom-users-fall-victim-to-personal-data-stealing-malware-research-says\/\">found two new malware files<\/a> disguised as installers for the communication app Zoom. 
Once downloaded and installed, one of the malicious files that mimics the Zoom installer sets up a backdoor that enables criminals to initiate malicious processes remotely. The other file installs the so-called Devil Shadow botnet on devices.<\/p>\n<p>Also, earlier in May, a group of cybersecurity researchers <a href=\"https:\/\/forklog.com\/en\/hackers-can-impersonate-bluetooth-devices-to-steal-users-personal-data-is-this-a-threat-to-you\/\">detected a severe security vulnerability in Bluetooth-based communication<\/a> that can potentially enable bad actors to impersonate any Bluetooth master or slave device. The probe showed that during BIAS attacks criminals can obtain all sorts of data, depending on the device that the attacker is impersonating.<\/p>\n<p>Meanwhile, Google is <a href=\"https:\/\/gizmodo.com\/looks-like-google-messages-might-finally-be-getting-end-1843642040\">planning to implement<\/a> end-to-end encryption in its communication app, Google Messages. This will apparently keep third parties from tampering with messages.<\/p>\n<p><i>Written by Ana Alexandre<\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An updated version of the AnarchyGrabber trojan has begun circulating on the Internet, posing a threat to users of the communication app Discord. 
The malware is reportedly geared to steal users\u2019 passwords and tokens, disable two-factor authentication (2FA), and even spread the attack on a victim\u2019s contacts, Bleeping Computer reported on May 24.<\/p>\n","protected":false},"author":6,"featured_media":8872,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1111,43,100],"class_list":["post-8870","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity","tag-hackers","tag-malware"],"aioseo_notices":[],"amp_enabled":true,"views":"2697","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8870","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=8870"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8870\/revisions"}],"predecessor-version":[{"id":8873,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8870\/revisions\/8873"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/8872"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=8870"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=8870"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/
tags?post=8870"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}