How to Identify and Clean AnarchyGrabber3 Discord Malware

Screenshot: David Murphy

Avoiding AnarchyGrabber3 is simple
If there's any good news to be had from this malware (an updated version of a previous, and relatively popular, trojan horse program), it's that uninstalling and reinstalling Discord removes it. The malware does not hook into your system; it only modifies Discord's setup to load malicious JavaScript when you launch it. Reinstall Discord and this modified setting disappears. You're free!

There's a relatively new piece of malware making the rounds on Discord. Called “AnarchyGrabber3,” the software logs you out of the app and captures your Discord credentials (email, login name, and password) when you try to log back in. To add insult to injury, it even disables your two-factor authentication, if you've previously used it to protect your account.

The malware sends this information to a Discord channel that your attacker previously set up to receive it. And, as Bleeping Computer notes, your attacker can also command the malware to message all of your Discord friends with a scammy download link, encouraging them to infect their systems. And that's it! It's a relatively undetectable hack, which you'd likely only notice if you can't log into your Discord account anymore or haven't been prompted with a 2FA challenge when signing in with a new device, even though you know you previously enabled 2FA.

Naturally, the damage may have already been done at that point. If you suspect you've been affected, Bleeping Computer's Lawrence Abrams encourages you to examine your Discord setup files:

If so, uninstall and reinstall Discord. As always, a password manager is a great way to ensure you're using unique login credentials and an important tool for checking that you haven't used the same password in multiple places.

How to avoid AnarchyGrabber3 in the first place

Because AnarchyGrabber3 typically spreads through malicious downloads, the golden rules still apply on Discord. If someone sends you a link and you weren't expecting it, or it looks fishy, don't click on it. If an image looks like it's a link to, say, a video, make sure you've taken a peek at the tiny text below the “video name,” which will tell you if you're actually about to download a file. (The download icon in the graphic's upper-right corner should also be a big hint.)

And, as always, do not run files that appeared on your system (from an accidental download). Do not save and run files from people you don't know. Do not download anything you didn't ask for, and be extremely wary when you go looking for hacks/cheats/cracks/whatever, because that tiny little file you get over Discord might very well be malware (in a pretty obvious disguise).

“A typical, unmodified file, will have the following single line in it:
module.exports = require('./core.asar');
If your client has anything else, and you have not purposefully made adjustments, your client is most likely contaminated.”
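
The file check quoted above can be scripted. The following is an added example, not code from the original article or from Bleeping Computer: it compares every .js file found beside a core.asar with the single clean line. It assumes the loader sits next to core.asar (as the relative require path implies); the directory and file names in demo() are constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

# The single statement the quoted guidance says a clean loader contains.
# Quote style, spacing and the trailing semicolon are allowed to vary.
CLEAN = re.compile(r"""module\.exports\s*=\s*require\(\s*(['"])\./core\.asar\1\s*\)\s*;?""")


def check_loader(text):
    """Return [] if text is exactly the clean loader line, else the unexpected lines."""
    body = text.lstrip("\ufeff").strip()  # ignore a BOM and surrounding whitespace
    if CLEAN.fullmatch(body):
        return []
    # Report every non-empty line that is not the expected statement.
    extra = [ln.strip() for ln in body.splitlines()
             if ln.strip() and not CLEAN.fullmatch(ln.strip())]
    return extra or ["<not exactly one loader line>"]


def scan(root):
    """Check each .js file located beside a core.asar anywhere under root."""
    findings = {}
    for asar in Path(root).rglob("core.asar"):
        for js in sorted(asar.parent.glob("*.js")):
            extra = check_loader(js.read_text(encoding="utf-8", errors="replace"))
            if extra:
                findings[str(js)] = extra
    return findings


def demo():
    """Constructed sample: one clean directory and one with an added statement."""
    samples = {
        "clean": "module.exports = require('./core.asar');\n",
        "modified": "console.log('extra statement');\n"
                    "module.exports = require('./core.asar');\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            d = Path(tmp, name)
            d.mkdir()
            (d / "core.asar").write_bytes(b"")  # empty placeholder archive
            (d / "loader.js").write_text(content, encoding="utf-8")
        return {Path(k).parent.name: v for k, v in scan(tmp).items()}


if __name__ == "__main__":
    # Argument: the Discord install directory to scan; with none, run the demo.
    print(scan(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

An empty result means every loader found holds only the expected line; any listed file is a reason to uninstall and reinstall Discord as described above.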