The Updated Malware
Discord has previously been criticized for being weak in preparing its app for malware detection, and the app is now being attacked for the same reason. Anarchy Grabber is well-known malware that infects users via YouTube channels and hacking forums and steals users' Discord login tokens when they run the app.
The new AnarchyGrabber2 modifies %AppData%\Discord\[version]\modules\discord_desktop_core\index.js so that it loads the attacker's files from a 4n4rchy subfolder. Every time the app is opened, it loads these malicious files afresh. This helps the malware evade antivirus detection: even if the initial malware executable is flagged, the client files will already have been modified.
What Can Discord Do?
BleepingComputer suggests a solution for such attacks: a client integrity check. This would create a hash for each client file; the hash changes whenever the file is modified, which makes the modification detectable. Users would then be informed of any file changes by a notification.
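
One way such a client integrity check could work, as an added example that is not code from Discord or BleepingComputer: record a SHA-256 baseline for every client file, then report files that were modified, added or removed. The function names, the sample tree, the file contents and the placement of the 4n4rchy folder are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict) -> list:
    """Return sorted (status, path) pairs for every deviation from the manifest."""
    current = build_manifest(root)
    findings = []
    for rel, digest in manifest.items():
        if rel not in current:
            findings.append(("missing", rel))
        elif current[rel] != digest:
            findings.append(("modified", rel))
    # Files that were never in the baseline matter too: a changed index.js
    # usually points at newly dropped files.
    findings += [("added", rel) for rel in current if rel not in manifest]
    return sorted(findings)


def demo() -> list:
    """Run the check on a constructed tree; all file contents are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        core = root / "modules" / "discord_desktop_core"
        core.mkdir(parents=True)
        index = core / "index.js"
        index.write_text("module.exports = require('./core.asar');\n")
        (core / "package.json").write_text('{"name": "discord_desktop_core"}\n')
        baseline = build_manifest(root)  # would come from a known-good install

        # Simulate the tampering described above with harmless placeholder text.
        index.write_text(index.read_text() + "// constructed extra line\n")
        (core / "4n4rchy").mkdir()  # assumed location of the subfolder
        (core / "4n4rchy" / "placeholder.js").write_text("// constructed\n")
        return verify(root, baseline)


if __name__ == "__main__":
    for status, rel in demo():
        print(f"{status:9} {rel}")
```

A baseline stored beside the client can be rewritten by the same malware, so in practice it has to come from a signed or server-side source.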