Weekly Threat Briefing: Data Breach, Ransomware, Spyware, and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: Android Malware, Bluetooth, Phishing, Winnti Group, WolfRAT, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Discord Client Turned Into a Password Stealer By Updated Malware


(published: May 24, 2020)


An unnamed threat actor has modified the AnarchyGrabber trojan to steal the passwords and user tokens of Discord users as well as disable Two Factor Authentication (2FA). AnarchyGrabber is publicly available for download from criminal forums and YouTube videos. Threat actors would distribute the trojan on Discord servers, masquerading it as copyrighted software or game cheats. Previous versions of AnarchyGrabber would modify the Discord client's JavaScript files in order to grab user tokens. The latest version, called "AnarchyGrabber3", modifies Discord's index.js file, allowing threat actors to steal user passwords and spread the trojan to everyone on the user's friends list. This latest version is difficult to detect because once the trojan has conducted its operations it removes itself to evade detection by antivirus products.

Recommendation: In order to identify whether or not a user's Discord client has been compromised by this latest version of AnarchyGrabber, they must view the "index.js" file. This can be found at "%AppData%\Discord\[version]\modules\discord_desktop_core\index.js" and if the file does not have this single line in it, "module.exports = require( ..
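The index.js check from the recommendation above can be scripted across every installed Discord version; the following is an added triage example, not code from the original briefing or from Discord. The function names and the regular expression are assumptions made for illustration, and because the briefing's quote of the expected line is cut off after `require(`, only the shape of the line is tested, not its argument.

```python
import os
import re
from pathlib import Path

# Assumption: the stock file is one statement of the form
#   module.exports = require('<string literal>');
# The briefing's quote of that line is cut off after "require(", so the
# argument is not compared, only the overall shape of the line.
STOCK_LINE = re.compile(
    r"""^\s*module\.exports\s*=\s*require\(\s*(['"])[^'"]*\1\s*\)\s*;?\s*$"""
)


def inspect_index_js(path):
    """Return a list of findings for one index.js; an empty list means it looks stock."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    findings = []
    if len(lines) != 1:
        findings.append(f"expected 1 non-empty line, found {len(lines)}")
    if not lines or not STOCK_LINE.match(lines[0]):
        findings.append("first line is not a bare 'module.exports = require(...)'")
    return findings


def scan_discord(appdata_dir):
    """Check every version folder under <appdata_dir>/Discord; return {path: findings}."""
    root = Path(appdata_dir) / "Discord"
    suspects = {}
    for index_js in sorted(root.glob("*/modules/discord_desktop_core/index.js")):
        findings = inspect_index_js(index_js)
        if findings:
            suspects[str(index_js)] = findings
    return suspects


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    if not appdata:
        raise SystemExit("APPDATA is not set; run this inside the Windows user profile")
    suspects = scan_discord(appdata)
    for path, findings in suspects.items():
        print(f"SUSPECT {path}: {'; '.join(findings)}")
    if not suspects:
        print("No modified discord_desktop_core/index.js found")
```

Because the trojan removes itself after modifying the client, a flagged index.js may be the only artifact left on disk, so treat any hit as grounds for reinstalling Discord and rotating the account password.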
