A new malware program that steals Discord’s login credentials has been discovered, an updated and more sneaky version of a previously known threat.
Anarchy Grabber is a malware that steals login credentials – the cryptographically signed files that keep you logged into a service so you don’t have to enter the password every time you do something – from the popular Discord chat app.
Bleeping Computer reports that a new variant of Anarchy Grabber, called Anarchy Grabber2, has been discovered. The old variant is distributed as a program that is running in the background and can therefore be easily stopped by antivirus software, but the new one modifies a text file inside Discord and causes the program itself to run unwanted java script code.
If a user has accidentally run Anarchy Grabber 2 and then logs into Discord, the program sends the login token to a Discord channel owned by the hackers behind the malware program.
Although antivirus software is updated and removing the Anarchy Grabber 2 code itself, the modified text file remains in Discord.
The problem is that Discord does not sign its own code and checks that it has not been modified, writes Bleeping Computer. If the program checked the hash sums of all files, modifications like these would be detected and stopped.