Discord users warned of new malware called TroubleGrabber

An info-stealing malware, called TroubleGrabber, collects login credentials, system information, and other data of Discord users until reported or deleted.

A cybersecurity company, Sophos, has issued a warning about malware called TroubleGrabber, which is mostly found on the Discord platform. According to the report, this communication platform has become an increasingly common target for malware creators and hackers in recent years.

 

About Discord

Discord is a social platform used by gamers for private chats, text messages, file exchanges, and video/voice calls to facilitate their gaming sessions. Gamers like Discord for its highly flexible app and customizable features that help speed up their usual communication. Discord helps them organize content according to different hashtags, groups, categories, or rooms.

The biggest problem with Discord, however, is that the number of malware threats exploiting its popularity is growing. While Discord scams are nothing new, they are now becoming more invasive and spreading even faster than before. One such example is the TroubleGrabber malware.

About TroubleGrabber

TroubleGrabber was first discovered by researchers from Netskope at the end of 2020. It was later discovered that the developer who created the malware goes under the pseudonym Ithoublve, and has an email address, website, YouTube channel, and even a Facebook page under the same name! His Discord server has close to 600 members, and he hosts a malware generator on a public GitHub account that allows other hackers to use and contribute to his code.

TroubleGrabber is very reminiscent of the previously infamous AnarchyGrabber. However, thanks to a couple of distinctive functions it has, it can spread itself on Discord friend lists much more quickly. To make things worse, TroubleGrabber's creator has even created a YouTube tutorial video that is supposed to explain its use, helping the malware spread even faster.

Beware of the "free Nitro upgrade"

Many victims of this malware admitted opening the TroubleGrabber file after being tricked into thinking that it was a link to a gift code for a one-month Nitro upgrade on Discord. Keep in mind that Discord Nitro is a paid subscription, and that opening such links, as well as the regular use of cracks or cheat programs (called trainers), increases your risk of accidentally installing TroubleGrabber.

 

According to the researchers, TroubleGrabber mostly presents itself as some sort of game cheat, hack, or mod, and sometimes even as a Discord Installer.

How to stay protected from TroubleGrabber malware?

The attack begins with the delivery of a Discord attachment or link to a target user. The link leads to an archive that contains an executable file. Both the attachment and the link take the form of a legitimate app upgrade called Discord Nitro Generator. After the executable is run, five additional payloads are dropped onto the compromised computer: Tokenstealer.bat, Tokenstealer.vbs, Curl.exe, Sendhookfile.exe, and WebBrowserPassView.exe.

Tokenstealer.bat coordinates the most harmful activities of this malware, while the rest of the payloads harvest and save the victim's passwords, exfiltrate data to the raider's Discord server, and execute the cleanup processes to hide most of the traces. As the last step of the entire process, TroubleGrabber restarts the compromised device.
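For defenders, the drop pattern described above can be hunted in file-creation telemetry. The following is an added example, not code from the article or from the researchers it cites: it flags a directory where several of the five named payloads appear together within a short window. The event format, sample paths, timestamps, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Payload file names as listed in the article, lower-cased for matching.
PAYLOADS = {"tokenstealer.bat", "tokenstealer.vbs", "curl.exe",
            "sendhookfile.exe", "webbrowserpassview.exe"}
# curl.exe ships with current Windows, so on its own it is not evidence.
DISTINCTIVE = PAYLOADS - {"curl.exe"}

def find_drop_clusters(events, window=timedelta(minutes=2), min_hits=3):
    """events: iterable of (iso_timestamp, full_path) file-creation records.
    Returns {directory: sorted payload names} for each directory where at
    least min_hits different payload names, including one distinctive name,
    were created within the time window (window and min_hits are assumptions)."""
    by_dir = defaultdict(list)
    for ts, path in events:
        p = PureWindowsPath(path)
        name = p.name.lower()
        if name in PAYLOADS:
            by_dir[str(p.parent).lower()].append((datetime.fromisoformat(ts), name))
    findings = {}
    for directory, hits in by_dir.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            names = {n for t, n in hits[i:] if t - start <= window}
            if len(names) >= min_hits and names & DISTINCTIVE:
                findings[directory] = sorted(names)
                break
    return findings

# Constructed sample telemetry: one drop cluster plus two benign look-alikes.
DROP_DIR = r"C:\Users\alice\AppData\Local\Temp\example"
SAMPLE_EVENTS = [
    ("2020-11-20T09:00:00", r"C:\Windows\System32\curl.exe"),
    ("2020-11-20T10:00:01", DROP_DIR + r"\Tokenstealer.bat"),
    ("2020-11-20T10:00:01", DROP_DIR + r"\Tokenstealer.vbs"),
    ("2020-11-20T10:00:02", DROP_DIR + r"\Curl.exe"),
    ("2020-11-20T10:00:02", DROP_DIR + r"\Sendhookfile.exe"),
    ("2020-11-20T10:00:03", DROP_DIR + r"\WebBrowserPassView.exe"),
    ("2020-11-20T11:00:00", r"C:\Tools\nirsoft\WebBrowserPassView.exe"),
]

if __name__ == "__main__":
    for directory, names in find_drop_clusters(SAMPLE_EVENTS).items():
        print(f"possible TroubleGrabber drop in {directory}: {', '.join(names)}")
```

Requiring co-occurrence keeps a lone curl.exe or a standalone copy of WebBrowserPassView from raising an alert.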

Admittedly, it can be very hard to distinguish between a genuine Discord installation file and a corrupted one. To help you avoid the TroubleGrabber, here's a reminder of some efficient malware avoidance strategies.

TroubleGrabber avoidance dos:

TroubleGrabber avoidance don'ts:

  • Never download Discord from a third-party website, only its official one
  • Don't fall for "free Nitro generators", this service is a paid subscription
  • Never open anonymous or otherwise suspicious messages and links

Think you might have been TroubleGrabbed?

If you think you've been a victim of a hack or have accidentally downloaded malware onto your device, be sure to check out our comparison of the best antivirus providers.

Written by: Danka Delić

With her BA in English Language and Literature, Private Pilot Licence, and passion for researching and writing, Danka brings further diversity to the team. As a former world traveler, she learned to appreciate cyber security and the necessity for digital privacy. Danka is a nature, animal, and written-word lover. She enjoys staying on the go, both mentally and physically, and spends most of her free time either reading or hiking with her dog.
