October 4, 2023

A new credential stealer dubbed TroubleGrabber that spreads via Discord attachments and uses Discord webhooks to transfer stolen data to its operators , has a characteristic of Anarchy Grabber

This malware is distributed via drive-by download, it is able to steal web browser tokens, Discord webhook tokens, web browser passwords, and system information. The malware sends information back to the attacker via webhook as a chat message to his Discord server.

The malware was distributed via Discord in 97.8% of detected infections, “with small numbers distributed via anonfiles.com and anonymousfiles.io, services that allow users to upload files anonymously and free for generating a public download link.”

The TroubleGrabber attack kill chain leverages both Discord and Github as repository for next stage payloads that is downloaded to the C:/temp folder once a victim is infected with the malware.

TroubleGrabber payloads steal victims’ credentials, including system information, IP address, web browser passwords, and tokens

This malware originator currently runs a Discord server with 573 members, and hosts next stage payloads and the malware generator’s on their public GitHub account.

Caution must !

1 thought on “Trouble grabber (_)⚙️

Leave a Reply

%d bloggers like this: