1
00:00:01,180 --> 00:00:06,079
Covering the week's top tech stories with a slight Linux bias.

2
00:00:06,089 --> 00:01:26,820
Researchers have found an updated version of Anarchy Grabber that steals victims' plaintext passwords and infects victims' friends on Discord. Detected as Anarchy Grabber 3, the new trojan variant modifies the Discord client's JavaScript core upon successful installation, and this modified version gives the malware the ability to load other JavaScript files when the infected Discord client is open. The threat loaded inject.js from a new anarchy folder. This file loaded another script called discordmod.js, and the two scripts together log the user out, at which point they are prompted to log back in. The new Anarchy Grabber variant then attempts to disable two-factor authentication on its victim's account and steals information including their username, plaintext password and user token, which it sends to the attacker's own Discord server by a webhook. The malware also attempts to spread itself to other Discord users by sending a message that contains the malware to everyone on the user's friend list. After modifying the Discord client, Anarchy Grabber doesn't run again, which makes it difficult for antivirus software to detect the threat, since there are no malicious processes. It also ensures that a victim remains part of the botnet whenever they interact with Discord using the app.

3
00:01:26,830 --> 00:01:31,649
Robbie, how can a user determine if they're infected if antivirus can't detect it?

4
00:01:31,659 --> 00:02:43,559
Well, Becca, tech-savvy users can open the index.js file and then they can check the content. So on Windows you're gonna find that in AppData, just wrap that in percent signs to get there really quickly, and then you'll enter the Discord folder. Linux and Mac users, go to the .config hidden folder in your home folder, and within that you'll find the discord folder holding all the files. Now, on any architecture, the files in from there are going to be the same, so whether you're on Windows, Mac or Linux you'll note that there are many, many files called index.js in the tree from that folder. So the one that you're looking for is in discord_desktop_core, and the directory format is your Discord version. Now in my case here on Windows that's 0.0.306, so I enter that folder, then modules, then discord_desktop_core, and I can check the contents of the index.js file, and if it contains anything other than a command to require core.asar, it's probably infected.

5
00:02:43,569 --> 00:03:29,830
Thanks, Robbie. If you suspect infection, uninstall the Discord app and reinstall, change your password, and ensure 2FA is re-enabled if it's been turned off. Whether Discord, email, Facebook or otherwise, be diligent and ensure you only click links you know you can trust. Since malware like this spreads to friends lists, it's also important to remember that just because it's one of your trusted friends sending it doesn't mean you can automatically trust the links. A simple "Did you send this?" question could be all it takes to protect you, your account and your privacy.

6
00:03:29,840 --> 00:03:32,879
[Music]