A new credential stealer dubbed TroubleGrabber, which spreads via Discord attachments and uses Discord webhooks to transfer stolen data to its operators, shares characteristics with Anarchy Grabber.
This malware is distributed via drive-by download. It is able to steal web browser tokens, Discord webhook tokens, web browser passwords, and system information. The malware sends the collected information back to the attacker via a webhook, posting it as a chat message to the attacker's Discord server.
The malware was distributed via Discord in 97.8% of detected infections, “with small numbers distributed via anonfiles.com and anonymousfiles.io, services that allow users to upload files anonymously and free for generating a public download link.”
The TroubleGrabber attack kill chain leverages both Discord and GitHub as repositories for next-stage payloads, which are downloaded to the C:/temp folder once a victim is infected with the malware.
TroubleGrabber payloads steal victims' credentials and related data, including system information, IP address, web browser passwords, and tokens.
The malware's author currently runs a Discord server with 573 members and hosts the next-stage payloads and the malware generator on a public GitHub account.
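The two behaviours described above (a next-stage payload fetched from Discord or GitHub into C:/temp, followed by a POST to a Discord webhook from a process that is not the Discord client) are what a defender would want to detect. The following is an added Python example, not code from the original page or from the researchers who analysed TroubleGrabber; the log format, process names and placeholder webhook URL are constructed assumptions, while the `discord.com/api/webhooks/<id>/<token>` URL shape is Discord's real webhook format.

```python
import re

# Constructed sample log lines (not from the original page): simplified
# endpoint/proxy records with machine, process, HTTP method, URL and file path.
# The webhook id/token and GitHub repo are placeholders, not real indicators.
SAMPLE_LOGS = [
    "2020-11-05T10:01:02Z host=PC01 proc=Discord.exe method=GET url=https://cdn.discordapp.com/attachments/1/2/setup.exe path=C:\\Users\\bob\\Downloads\\setup.exe",
    "2020-11-05T10:01:10Z host=PC01 proc=setup.exe method=GET url=https://raw.githubusercontent.com/placeholder-user/placeholder-repo/main/stage2.exe path=C:\\temp\\stage2.exe",
    "2020-11-05T10:01:15Z host=PC01 proc=stage2.exe method=POST url=https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER_TOKEN path=-",
    "2020-11-05T10:02:00Z host=PC01 proc=chrome.exe method=GET url=https://www.example.com/ path=-",
    "2020-11-05T10:02:05Z host=PC01 proc=Discord.exe method=POST url=https://discord.com/api/v8/channels/1/messages path=-",
]

# Discord webhook endpoints: https://discord.com/api/webhooks/<id>/<token>
WEBHOOK_RE = re.compile(r"^https://discord(?:app)?\.com/api/webhooks/\d+/\S+", re.I)
# Hosts the page names as payload repositories for the next stage.
STAGING_HOSTS = {"cdn.discordapp.com", "raw.githubusercontent.com", "github.com"}
# Drop location the page names for the downloaded payload.
STAGING_DIR = re.compile(r"^C:\\temp\\", re.I)
# Processes legitimately expected to talk to Discord (assumed allow-list).
KNOWN_DISCORD_CLIENTS = {"discord.exe"}


def parse(line):
    """Turn a 'key=value' log line into a dict (assumed log format)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def check(line):
    """Return a list of (finding, process, detail) tuples for one log line."""
    rec = parse(line)
    proc = rec.get("proc", "").lower()
    url = rec.get("url", "")
    path = rec.get("path", "")
    url_host = re.sub(r"^https?://", "", url).split("/")[0].lower()
    findings = []
    # Exfiltration: a non-Discord process posting to a Discord webhook.
    if rec.get("method") == "POST" and WEBHOOK_RE.match(url) and proc not in KNOWN_DISCORD_CLIENTS:
        findings.append(("webhook-exfil", proc, url))
    # Staging: payload pulled from Discord CDN / GitHub straight into C:\temp.
    if url_host in STAGING_HOSTS and STAGING_DIR.match(path):
        findings.append(("staging-download", proc, path))
    return findings


def scan(lines):
    """Scan many lines; each result is (machine, finding, process, detail)."""
    return [(parse(l).get("host"),) + f for l in lines for f in check(l)]
```

Running `scan(SAMPLE_LOGS)` flags only the two malicious records; the Discord client's own CDN download and API traffic are left alone.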
Caution must !