How to Identify and Clean Discord ‘AnarchyGrabber3’ Malware
A fairly new piece of malware has appeared on Discord. The software, dubbed “AnarchyGrabber3”, logs you out of the application and captures your Discord credentials – email address, login name and password – when you try to login again. To add insult to injury, it even disables your two-factor authentication if you’ve previously used it to protect your account.
The malware sends this information to the Discord channel that the attacker pre-configured to receive it. And as Bleeping Computer points out , your attacker can also order malware to send all your friends on Discord a fraudulent download link, prompting them to infect their systems. And it’s all! This is a fairly subtle hack that you will probably only notice if you can no longer log into your Discord account or receive a 2FA challenge request when logging in from a new device, even if you know you have previously turned on. 2FA. …
It is easy to avoid AnarchyGrabber3
If there is any good news about this malware – an updated version of a previous (and fairly popular) Trojan horse program – then removing and reinstalling Discord will fix it. The malware won’t connect to your system; it only changes Discord config to load malicious javascript when it runs. Reinstall Discord and this changed setting will be gone. You are free!
Of course, by that time the damage could already have been done. If you suspect you are hurt, Bleeping Computer’s Lawrence Abrams advises you to check the Discord configuration files:
“If you are concerned that you might be infected, you can open % AppData% \ Discord \ [version] \ modules \ discord_desktop_core \ index.js with Notepad and make sure there are no changes to the files.
A normal unmodified file will have the following single line:
module.exports = require('./core.asar');If your client has something else and you didn’t intentionally make any changes, chances are your client is infected. “
If so, uninstall and reinstall Discord first. After that , set up two-factor authentication again and change your password to one that you don’t use on any other site or service. And if you’ve used your now-compromised email / username and password combination elsewhere, you’ll want to change them immediately. As always, a password manager is a great way to make sure you’re using unique login credentials, and a valuable verification tool to make sure you haven’t used the same password in multiple places.
How to avoid AnarchyGrabber3 in the first place
Since AnarchyGrabber3 is usually spread via malicious downloads, the golden rules still apply on Discord. If someone sent you a link and you weren’t expecting it, or it looks suspicious, don’t click on it. If the image looks like it’s a link from, say, a video, make sure you take a look at the tiny text under the “video title” that will tell you if you’re really going to download the file. (The loading icon in the upper right corner of the picture should also be a great clue.)
And, as always, do not run files that have appeared on your system (due to erroneous loading). Don’t save or run files from people you don’t know. Don’t download anything that you haven’t asked for, and be extremely careful when you are about to ask forhacks /cheats /hacks , etc. (explicit disguise).