TroubleGrabber is a newly discovered credential stealer that spreads through Discord attachments and uses Discord webhooks to exfiltrate data.
Netskope security researchers have discovered a new credential stealer, TroubleGrabber, which spreads through Discord attachments and uses Discord webhooks to send stolen data to its operators.
The malware shares characteristics with other malware targeting gamers, such as AnarchyGrabber, but it appears to be the work of different threat actors. TroubleGrabber was developed by an individual going by the name Itroublve and is currently used by multiple threat actors.
The malware spreads via drive-by download and can steal web browser tokens, Discord webhook tokens, web browser passwords and system information. It sends the stolen information to the attacker as a chat message through a webhook, which posts it back to the attacker's Discord server.
In 97.8% of the infections detected, the malware was distributed through Discord, with a small number distributed through anonfiles.com and anonymousfiles.io, services that let users upload files anonymously and free of charge to create a public download link.
The information stealer was also distributed to users of more than 700 different Discord server channels.
Netskope's researchers discovered TroubleGrabber in October 2020 while analyzing threats delivered through Discord.
The experts identified more than 5,700 URLs of public Discord attachments containing malware.
"In October 2020 alone, we discovered more than 5,700 public Discord attachment URLs hosting malicious content, mostly in the form of Windows executables and archive files. Over the same period, we analyzed our malware database for samples containing Discord URLs used as next-stage payloads or C2.
Figure 1 shows a breakdown of the top five detections among the 1,650 malware samples delivered from Discord during the same period that also contain Discord URLs.
The TroubleGrabber attack kill chain uses both Discord and GitHub as repositories for the next-stage payloads, which are downloaded into the C:/temp folder after the victim is infected with the malware.
TroubleGrabber steals victims' credentials, including system information, IP address, passwords, and web browser tokens.
It then sends them back to the attacker as a chat message via a webhook URL," the report continues.
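The two network behaviours the report describes, a Windows executable or archive fetched from a public Discord attachment URL and a later POST to a Discord webhook from the same host, are both visible in ordinary web proxy logs. The following Python script is an added example for defenders, not code from Netskope or from this article: it scans a constructed sample log (the field layout and all addresses, IDs and file names are made up), flags both behaviours, and correlates hosts that show the download-then-webhook sequence. The URL shapes it matches are the public Discord CDN attachment and webhook formats as assumed here; webhook tokens are deliberately not copied into the findings so that alert text cannot leak a live exfiltration channel.

```python
import os
import re

# Assumption: the URL shapes below are the public Discord CDN attachment and
# webhook formats; adjust the patterns if Discord changes them.
DISCORD_ATTACHMENT_RE = re.compile(
    r"https?://cdn\.discordapp\.com/attachments/\d+/\d+/([^\s?#]+)",
    re.IGNORECASE,
)
DISCORD_WEBHOOK_RE = re.compile(
    r"https?://discord(?:app)?\.com/api/webhooks/(\d+)/[A-Za-z0-9_\-]+",
    re.IGNORECASE,
)

# File types a chat attachment link rarely points to for legitimate reasons.
SUSPICIOUS_EXT = {".exe", ".scr", ".bat", ".cmd", ".ps1", ".zip", ".rar", ".7z"}

# Constructed sample proxy log (not real traffic). Field layout assumed here:
# <timestamp> <client_ip> <method> <url> <user_agent...>
SAMPLE_LOG = """\
2020-10-12T10:01:33Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/update.exe Mozilla/5.0
2020-10-12T10:01:40Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111111111111111111/333333333333333333/cat.png Mozilla/5.0
2020-10-12T10:02:01Z 10.0.0.5 POST https://discord.com/api/webhooks/444444444444444444/AbCdEf-ghIjKl_mnOp python-requests/2.24
2020-10-12T10:02:05Z 10.0.0.7 GET https://example.com/index.html Mozilla/5.0
2020-10-12T10:02:09Z 10.0.0.9 POST https://discord.com/api/webhooks/555555555555555555/ZyXwVu-tsRqPo_nmLk Mozilla/5.0
"""


def classify_line(line):
    """Return (category, client_ip, detail) for a suspicious line, else None.

    Only the numeric webhook id is kept in the finding; the token part of the
    URL is never echoed into alert output.
    """
    parts = line.split(maxsplit=4)
    if len(parts) < 4:
        return None
    _ts, client_ip, method, url = parts[:4]

    m = DISCORD_WEBHOOK_RE.search(url)
    if m and method.upper() == "POST":
        return ("discord_webhook_post", client_ip, "webhook id " + m.group(1))

    m = DISCORD_ATTACHMENT_RE.search(url)
    if m:
        filename = m.group(1)
        if os.path.splitext(filename)[1].lower() in SUSPICIOUS_EXT:
            return ("discord_executable_attachment", client_ip, filename)
    return None


def scan_log(text):
    """Scan a whole log; return (line_no, category, client_ip, detail) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        result = classify_line(line)
        if result:
            findings.append((line_no,) + result)
    return findings


def correlate(findings):
    """Hosts that fetched an executable attachment from Discord and afterwards
    POSTed to a webhook, i.e. the download-then-exfiltrate sequence described
    in the report. Returns a sorted list of client IPs."""
    downloaded, posted = set(), set()
    for _line_no, category, client_ip, _detail in findings:
        if category == "discord_executable_attachment":
            downloaded.add(client_ip)
        elif category == "discord_webhook_post" and client_ip in downloaded:
            posted.add(client_ip)
    return sorted(posted)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f)
    print("hosts with download-then-webhook sequence:", correlate(found))
```

A lone webhook POST (host 10.0.0.9 in the sample) is reported but not correlated, since legitimate bots and integrations post to webhooks too; the sequence of an executable pulled from the Discord CDN followed by a webhook POST from the same host is the stronger signal and the one worth alerting on.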
Netskope has found that the malware author currently runs a Discord server with 573 members and also hosts the next-stage payloads and the malware generator on his public GitHub account.
OSINT analysis enabled the experts to identify the author's Discord server, Facebook page, Twitter, Instagram, website, email address and YouTube channel.
On 10 November 2020, Netskope Threat Labs reported the TroubleGrabber attack elements to Discord, GitHub, YouTube, Facebook, Twitter and Instagram.
Indicators of compromise (IoCs) related to TroubleGrabber are available on GitHub.
Pierluigi Paganini
(SecurityAffairs – hacking, malware)