AnarchyGrabber Stealer is an infamous password-stealing virus that targets Discord users and has recently been updated (a.k.a. AnarchyGrabber3). Both versions of this cyber threat aim to steal various social media and other passwords and transfer them to the cybercriminals. Experts note that the malware is relatively hard to detect because it hides its presence by modifying legitimate Discord JavaScript files on the computer.
According to the researchers’ review, attackers distribute this virus by posting malicious links on dubious sites and in YouTube video descriptions, and by sending direct messages to people on the infected account’s friend list. Once it has infiltrated the system, it embeds malicious code into the Index.js file located in the %AppData%\Discord\[version]\modules\discord_desktop_core\ directory.
The updated version is now capable of stealing e-mail and IP addresses, phone numbers and account tokens, and of searching for all passwords saved in plain-text format. As a result, people infected with the AnarchyGrabber virus might suffer personal information and financial losses. Additionally, there is a strong risk that the user’s friends might also get infected, as the developers send links to malware executables to all online contacts.
Therefore, it is essential to spot and recognize the infection as quickly as possible in order to avoid further spread. You must remove AnarchyGrabber and related components fully so that the malware would not reappear on the system. Later, it is essential to change passwords on all accounts so that the attackers would not get a hold of them and cause even more damage.
Developers designed the Anarchy Grabber malware to hide its presence on the infected computer by modifying legitimate Discord JavaScript files. You can still detect it by navigating to the %AppData%\Discord\[version]\modules\discord_desktop_core\ directory and opening the Index.js file in Notepad.
The original Index.js file should contain only one line: module.exports = ('./asar.js'). If there is any other text below that line, your computer has been infected with the Anarchy Grabber password-stealing malware. You can also confirm the infection by searching for a 4n4rchy folder in the same Discord directory.
Once the malware is on your computer, it will forcibly log you out of Discord. Do NOT log back in under any circumstances. If you enter your password, the malware will immediately collect it and transfer it to the cybercriminals. Additionally, logging in enables other malicious scripts that help steal further information from your computer.
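The manual check described above can be scripted. The following is an added example, not code from the article or from Discord: it applies the article's two indicators (extra lines after the first line of Index.js, and a 4n4rchy folder) to every installed Discord version. The function names and the result format are assumptions made for illustration.

```python
import os
from pathlib import Path

MARKER_DIR = "4n4rchy"  # folder name the article gives as a second indicator


def extra_lines(index_js: Path) -> list:
    """Non-blank lines that follow the first non-blank line of the file."""
    text = index_js.read_text(encoding="utf-8", errors="replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return lines[1:]


def scan_discord(root: Path) -> list:
    """Check every <version>/modules/discord_desktop_core under root."""
    findings = []
    for core in sorted(root.glob("*/modules/discord_desktop_core")):
        if not core.is_dir():
            continue
        # Match the file name case-insensitively (Index.js vs index.js).
        for entry in core.iterdir():
            if entry.is_file() and entry.name.lower() == "index.js":
                extra = extra_lines(entry)
                if extra:
                    findings.append({"path": entry, "reason": "extra lines",
                                     "count": len(extra)})
        # The marker folder may sit anywhere below the module directory.
        for sub in core.rglob("*"):
            if sub.is_dir() and sub.name.lower() == MARKER_DIR:
                findings.append({"path": sub, "reason": "marker folder",
                                 "count": 1})
    return findings


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")  # set on Windows only
    if appdata:
        for f in scan_discord(Path(appdata) / "Discord"):
            print(f"[!] {f['reason']}: {f['path']} ({f['count']})")
```

An empty result only means these two indicators are absent; the full antivirus scan described below is still needed.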
In case your antivirus quarantined and eliminated this cyber threat, you are still not safe. There is a strong chance that the malware entered the system together with another malicious program. You should run a full system scan to find the related application and get rid of it as well.
Later, you must uninstall and reinstall the Discord application along with all related files. Secondly, change your account’s password as it is likely that the software will regenerate the same stolen token. We highly recommend performing AnarchyGrabber removal with RESTORO as it can also help you fix the damage this virus has caused.
Name | AnarchyGrabber Stealer |
Type | Discord password-stealing malware |
Other names | AnarchyGrabber3 |
Affected files | Index.js |
Distribution methods | Spotted spreading via malicious links on shady websites and YouTube video descriptions as well as incorporated into questionable software |
Symptoms | Designed to operate in stealth mode; yet, if you are logged out of your Discord account without any reason, check your system immediately |
Targeted data | E-mail and IP addresses, phone numbers, account token, and passwords in plain-text format |
Removal | Uninstall this virus with a professional antivirus. You can run a full system scan with RESTORO right away |
Even though there is still not much information on how this new cyber threat spreads, experts have already identified the currently used distribution method — malicious links that start an automatic installation of AnarchyGrabber malware. Once it is clicked, the computer downloads and installs the virus without further notice.
Usually, people can encounter such links on dubious websites that are not verified and are marked Not Secured next to the URL address. We strongly recommend that you avoid visiting questionable pages and clicking on suspicious links at all times. Otherwise, there is a strong risk that you will infect your computer with various types of malicious programs, including ransomware, adware, and others.
Furthermore, our security team warns about a relatively new method of spreading password-stealing malware. Cybercriminals have started to post malicious links in various YouTube video descriptions. Therefore, you must always be aware of the potential threats lurking on the Internet.
Here is a quick reminder of activities to avoid if you want to protect your system:
The most dangerous aspect of this malware is that it is designed to avoid detection by antivirus software. The AnarchyGrabber removal process consists of two parts, and both manual and automatic elimination are required. This way you can be sure that you have uninstalled the malware and protected your accounts along with the information in them.
Start the first part of the removal process by installing a professional and strong antivirus program. If you already have one, please open it and start an entire system check to detect virus-related elements. The security software should quarantine and remove Anarchy Grabber Stealer for you.
The second part of the process requires you to uninstall the Discord application and get rid of related files. Later, reinstall the software by downloading a new executable file from the official website. You must also change your Discord account’s password to make sure that the attackers cannot access it.
Finally, you should create new passwords for all other accounts that you use since it is impossible to detect which passwords have been stolen. Otherwise, cybercriminals can hijack your social media or online banking and cause significant damage. You can follow the steps below to make sure that you complete malware removal correctly.
AnarchyGrabber Removal Guidelines
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot a PC in Safe Mode with Networking, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode.
Instructions for Windows XP/Vista/7 users
Instructions for Windows 8/8.1/10 users
Now, you can search for and remove AnarchyGrabber files. It is very hard to identify files and registry keys that belong to the virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. We recommend using SYSTEM MECHANIC ULTIMATE DEFENSE, which can also restore deleted files. Additionally, we recommend repairing virus damage using RESTORO.
In order to use System Restore, you must have a system restore point, created either manually or automatically.
Instructions for Windows XP/Vista/7 users
Instructions for Windows 8/8.1/10 users
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check.
Scott Bolton is a senior content strategist in our Geek’s Advice team. He is exceptionally passionate about covering the latest information technology themes and inspiring other team members to follow new innovations. Despite the fact that Scott is an old-timer among the Geeks, he still enjoys writing comprehensive articles about exciting cybersecurity news or quick tutorials.