AnarchyGrabber is a data stealer that targets Discord. If you think that your Discord account was hacked or stolen, then AnarchyGrabber could be at fault. This info stealer isn’t as bad as other trojans, but it’s more easily available, too. To get rid of AnarchyGrabber, victims will need to not only remove it, but also to replace the infected Discord file.
In short about AnarchyGrabber:
|Type of threat|Trojan|
|How AnarchyGrabber spreads|With malicious links that come in social media messages and emails; uploaded online and disguised as wanted software.|
|Dangers of the data stealer|Lets malicious actors log in to the stolen Discord account.|
|Remove AnarchyGrabber|Use antivirus programs (like Spyhunter and others) to detect malware; delete malicious files; reinstall Discord or replace the infected file.|
What AnarchyGrabber does
Though it’s an info stealer, AnarchyGrabber does not take screenshots, steal passwords, or show malicious pages in your web browser. AnarchyGrabber’s damage potential is limited to Discord and you don’t need to worry about it like you would about real spyware trojans, such as Astaroth, Zeus, or Glupteba.
AnarchyGrabber can steal your access token, which lets attackers open your account. They can see all that you see – without stealing your username or password. At the very worst, this could be used by malicious actors to impersonate you and, for example, spread malware to your friends.
Specifically, AnarchyGrabber does a few things:
- Steals access tokens which can be used by hackers to log in to their victims’ accounts.
- Tries to avoid detection by antivirus programs.
- Infects the Discord app’s index.js file to run malicious code.
A file being named “index” generally means that this file should be loaded and run first. Index.js also allows functions to be loaded from external files. AnarchyGrabber making a home in this file means that it can run every time you start Discord.
Read more about AnarchyGrabber in this BleepingComputer article. And here is the sample that was found by MalwareHunterTeam.
How the stealer spreads
Anyone can use and spread AnarchyGrabber, even those without a lot of technical knowledge. In this way, AnarchyGrabber is kind of a joke infection, used by mean adults and kids to commit mischief. This makes it hard to predict how it spreads, as any malicious actor can come up with their own way to do it. AnarchyGrabber could come in:
- links shared in social media messages or emails,
- files downloaded by infected websites,
- bundles with installers that are available for free on shady websites.
In fact, any malicious person could get their hands on AnarchyGrabber and trick someone that they know into downloading it. That sort of targeted attack can be very effective and dangerous. It can be used to impersonate people or spy on them – very harmful in the right hands. And, of course, AnarchyGrabber remains effective even if the victim changes their password.
AnarchyGrabber needs to be removed, which includes the file that it came in – if you got AnarchyGrabber from a file downloaded from the internet. Be careful, keep in mind how you got infected, and do not redownload and reinstall AnarchyGrabber. You can use a strong antivirus program, like Spyhunter, not just to remove AnarchyGrabber but also to make sure that there are no more malicious programs on your device. Malware spreads in groups so often that it’s just good sense to scan your whole computer after a suspected attack.
However, it’s not enough to remove AnarchyGrabber, as some Discord files are already modified by this malware. You can reinstall Discord to fix it. I can’t find a way to validate Discord’s files, but you might find this post by Discord support useful.
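One way to tell whether the index.js described above still needs replacing is to compare it with a copy taken from a fresh Discord install. The Python below is an added example, not code from Discord or from this article; the function names and both sample strings are constructed for illustration, and the one-line "clean" sample is an assumption about what an unmodified file looks like.

```python
import hashlib
import re

# Matches require('x') / require("x") and captures the module path.
REQUIRE_RE = re.compile(r"""require\(\s*(['"])(.+?)\1\s*\)""")


def normalize(js: str) -> str:
    """Drop a BOM, CRLF differences and surrounding blank space before comparing."""
    return js.lstrip("\ufeff").replace("\r\n", "\n").strip()


def compare_index_js(known_good: str, installed: str) -> dict:
    """Compare an installed index.js with a copy taken from a fresh install."""
    good, inst = normalize(known_good), normalize(installed)
    good_requires = {m.group(2) for m in REQUIRE_RE.finditer(good)}
    # Modules loaded by the installed file that the fresh copy never loads.
    added = [m.group(2) for m in REQUIRE_RE.finditer(inst)
             if m.group(2) not in good_requires]
    return {
        "modified": hashlib.sha256(good.encode()).hexdigest()
                    != hashlib.sha256(inst.encode()).hexdigest(),
        "added_requires": added,
        "extra_lines": len(inst.splitlines()) - len(good.splitlines()),
    }


# Constructed sample inputs (not taken from a real infection).
CLEAN = "module.exports = require('./core.asar');\r\n"  # assumed clean content
TAMPERED = (
    "process.env.EXAMPLE = '1';\n"
    "require('./example_dir/loader.js');\n"
    "module.exports = require('./core.asar');\n"
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script.py <fresh index.js> <installed index.js>
        with open(sys.argv[1], encoding="utf-8") as g, \
             open(sys.argv[2], encoding="utf-8") as i:
            print(compare_index_js(g.read(), i.read()))
    else:
        print(compare_index_js(CLEAN, CLEAN))
        print(compare_index_js(CLEAN, TAMPERED))
```

The `modified` flag is the result to act on; `added_requires` only lists literal `require()` calls, so a file can be altered without anything appearing there.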