October 4, 2023

A new credential stealer dubbed TroubleGrabber that spreads via Discord attachments and uses Discord webhooks to transfer stolen data to its operators , has a characteristic of Anarchy Grabber

This malware is distributed via drive-by download, it is able to steal web browser tokens, Discord webhook tokens, web browser passwords, and system information. The malware sends information back to the attacker via webhook as a chat message to his Discord server.

The malware was distributed via Discord in 97.8% of detected infections, “with small numbers distributed via anonfiles.com and anonymousfiles.io, services that allow users to upload files anonymously and free for generating a public download link.”

The TroubleGrabber attack kill chain leverages both Discord and Github as repository for next stage payloads that is downloaded to the C:/temp folder once a victim is infected with the malware.

TroubleGrabber payloads steal victims’ credentials, including system information, IP address, web browser passwords, and tokens

This malware originator currently runs a Discord server with 573 members, and hosts next stage payloads and the malware generator’s on their public GitHub account.

Caution must !

Tags:

1 thought on “Trouble grabber (_)⚙️

  1. Pingback: TheCyberThrone Most Favorite Stories of 2021 - TheCyberThrone

Leave a Reply

You may have missed

Qualcomm fixes Zero Day Vulnerabilities

October 4, 2023

AWS Console and MFA Requirements

October 4, 2023

Bunny Loader Malware-as-a-Service in Action

October 3, 2023

Google Android Security Updates – October 2023

October 3, 2023

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023
%d bloggers like this: