May 8, 2024

A new credential stealer dubbed TroubleGrabber that spreads via Discord attachments and uses Discord webhooks to transfer stolen data to its operators , has a characteristic of Anarchy Grabber

This malware is distributed via drive-by download, it is able to steal web browser tokens, Discord webhook tokens, web browser passwords, and system information. The malware sends information back to the attacker via webhook as a chat message to his Discord server.

The malware was distributed via Discord in 97.8% of detected infections, “with small numbers distributed via anonfiles.com and anonymousfiles.io, services that allow users to upload files anonymously and free for generating a public download link.”

The TroubleGrabber attack kill chain leverages both Discord and Github as repository for next stage payloads that is downloaded to the C:/temp folder once a victim is infected with the malware.

TroubleGrabber payloads steal victims’ credentials, including system information, IP address, web browser passwords, and tokens

This malware originator currently runs a Discord server with 573 members, and hosts next stage payloads and the malware generator’s on their public GitHub account.

Caution must !

Tags:

1 thought on “Trouble grabber (_)⚙️

  1. Pingback: TheCyberThrone Most Favorite Stories of 2021 - TheCyberThrone

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Tinyproxy Critical Vulnerability – CVE-2023-49606

May 7, 2024

Nvidia addresses Critical Vulnerability in Triton -CVE-2024-0087

May 6, 2024

Synlab Italia suffers a cyber incident

May 5, 2024

TheCyberThrone Security Week In Review – May 04, 2024

May 4, 2024

Microsoft initiative in response to CSRB

May 4, 2024

Aruba fixes several Critical Vulnerabilities

May 3, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading