Covering the week's top tech stories with a slight Linux bias.

Researchers have found an updated version of AnarchyGrabber that steals victims' plaintext passwords and infects victims' friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modifies the Discord client's JavaScript core upon successful installation, and this modified version gives the malware the ability to load other JavaScript files when the infected Discord client is opened. The threat loaded inject.js from a new anarchy folder. This file loaded another script called discordmod.js, and the two scripts together log the user out, at which point they are prompted to log back in. The new AnarchyGrabber variant then attempts to disable two-factor authentication on its victim's account and steals information including their username, plaintext password and user token, which it sends to the attacker's own Discord server via a webhook. The malware also attempts to spread itself to other Discord users by sending a message that contains the malware to everyone on the user's friends list.

After modifying the Discord client, AnarchyGrabber doesn't run again, which makes it difficult for antivirus software to detect the threat since there are no malicious processes. It also ensures that a victim remains part of the botnet whenever they interact with Discord using the app.

Robbie, how can a user determine if they're infected if antivirus can't detect it?

Well, Becca, tech-savvy users can open the index.js file and then they can check the content. On Windows, you're going to find that in AppData; just wrap that in percent signs to get there really quickly, and then you'll enter the Discord folder. Linux and Mac users, go to the .config hidden folder in your home folder, and within that you'll find the Discord folder holding all the files. Now, on any architecture, the files from there on are going to be the same. So whether you're on Windows, Mac or Linux, you'll note that there are many, many files called index.js in the tree from that folder. The one that you're looking for is in discord_desktop_core, and the directory format is your Discord version. In my case here on Windows, that's 0.0.306, so I enter that folder, then modules, then discord_desktop_core, and I can check the contents of the index.js file. If it contains anything other than a command to require core.asar, it's probably infected.

Thanks, Robbie. If you suspect infection, uninstall the Discord app and reinstall, change your password, and ensure 2FA is re-enabled if it's been turned off. Whether Discord, email, Facebook or otherwise, be diligent and ensure you only click links you know you can trust. Since malware like this spreads to friends lists, it's also important to remember that just because it's one of your trusted friends sending it doesn't mean you can automatically trust the links. A simple "Did you send this?" question could be all it takes to protect you, your account and your privacy.