AnarchyGrabber — recently updated Discord password-stealing malware

According to the researchers’ review, attackers distribute this virus by uploading malicious links to dubious sites and YouTube video descriptions, and by sending direct messages to people on the infected account’s friend list. Once it has infiltrated a system, it aims to embed malicious code into the Index.js file located in the %AppData%\Discord[version]\modules\discord_desktop_core\ directory. The updated version is now capable of stealing e-mail and IP addresses, phone numbers and account tokens, and of searching for all passwords saved in plain-text format. As a result, people infected with the AnarchyGrabber virus might suffer loss of personal information and financial losses. Additionally, there is a strong risk that the user’s friends might also get infected, as the developers send links with malware executables to all online contacts. Therefore, it is essential to spot and recognize the infection as quickly as possible in order to avoid further spread. You must remove AnarchyGrabber and related components fully so that the malware does not reappear on the system. Afterwards, it is essential to change passwords on all accounts so that the attackers cannot get hold of them and cause even more damage.

Learn to identify Discord malware

Developers designed the Anarchy Grabber malware to hide its presence on the infected computer by modifying legitimate Discord JavaScript files. You can still detect it by navigating to the %AppData%\Discord[version]\modules\discord_desktop_core\ directory and opening the Index.js file in Notepad. The original Index.js file should contain only one line: module.exports = ('./asar.js'). If there is any other text below that line, it means that your computer has been infected with the Anarchy Grabber password-stealing malware. Additionally, you can confirm the infection by searching for a 4n4rchy folder in the same Discord directory. Once the malware is on your computer, it will forcibly log you out of Discord. Do NOT log in again under any circumstances. If you enter your password, the malware will immediately collect it and transfer it to the cybercriminals. Additionally, logging in enables other malicious scripts that help steal further information from your computer. Even if your antivirus quarantined and eliminated this cyber threat, you are still not safe. There is a strong chance that the malware entered the system together with another malicious program. You should run a full system scan to find the related application and get rid of it as well. Afterwards, you must uninstall and reinstall the Discord application along with all related files. Then change your account’s password, as it is likely that the software will regenerate the same stolen token. We highly recommend performing AnarchyGrabber removal with RESTORO as it can also help you fix the damage this virus has caused.
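The two manual checks described above (a one-line Index.js and no 4n4rchy folder), automated as an added example that is not part of the original article. The function names, the version folders and the file contents of the fixture are constructed, and scanning every folder under %AppData% whose name starts with "discord" is an assumption made to cover different install layouts.

```python
import os
import tempfile
from pathlib import Path

MARKER_DIR = "4n4rchy"  # folder name the article gives as an infection sign

def check_core_dir(core_dir):
    """Return findings for one discord_desktop_core directory."""
    findings = []
    # Windows names are case-insensitive, so compare lower-cased names.
    entries = {p.name.lower(): p for p in Path(core_dir).iterdir()}
    index = entries.get("index.js")
    if index is not None:
        text = index.read_text(encoding="utf-8", errors="replace")
        lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
        # A clean file is one module.exports line; anything more is suspect.
        if len(lines) != 1 or not lines[0].startswith("module.exports"):
            findings.append(f"index.js has {len(lines)} non-empty lines, expected 1")
    if MARKER_DIR in entries and entries[MARKER_DIR].is_dir():
        findings.append(f"{MARKER_DIR} folder present")
    return findings

def scan_appdata(appdata):
    """Check every discord_desktop_core folder under Discord* directories."""
    report = {}
    for top in Path(appdata).iterdir():
        if top.is_dir() and top.name.lower().startswith("discord"):
            for core in top.rglob("discord_desktop_core"):
                if core.is_dir():
                    report[str(core)] = check_core_dir(core)
    return report

def build_fixture(root):
    """Constructed sample: one clean and one tampered install (placeholder text)."""
    clean = Path(root, "Discord", "0.0.1", "modules", "discord_desktop_core")
    bad = Path(root, "Discord", "0.0.2", "modules", "discord_desktop_core")
    for d in (clean, bad / MARKER_DIR):
        d.mkdir(parents=True)
    one_line = "module.exports = require('./placeholder');\n"
    (clean / "index.js").write_text(one_line)
    (bad / "index.js").write_text(one_line + "// constructed stand-in for appended code\n")
    return clean, bad

if __name__ == "__main__":
    root = os.environ.get("APPDATA")  # set on Windows
    if root is None:  # elsewhere, run on the constructed fixture
        build_fixture(root := tempfile.mkdtemp())
    for path, findings in scan_appdata(root).items():
        print(path, "->", findings or "no findings")
```

An empty findings list only means these two indicators are absent; it does not replace the full system scan the article calls for.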

Malware description

Even though there is still not much information on how this new cyber threat spreads, experts have already identified the currently used distribution method: malicious links that start an automatic installation of the AnarchyGrabber malware. Once such a link is clicked, the computer downloads and installs the virus without further notice. Usually, people encounter such links on dubious websites that are not verified and are marked Not Secured next to the URL address. We strongly recommend avoiding questionable pages and never clicking on suspicious links. Otherwise, there is a strong risk that you will infect your computer with various types of malicious programs, including ransomware, adware, and others. Furthermore, our security team warns about a relatively new method of spreading password-stealing malware: cybercriminals have started to upload malicious links to various YouTube video descriptions. Therefore, you must always be aware of the potential threats lurking on the Internet. Here is a quick reminder of activities to avoid if you want to protect your system:

Stop browsing on unverified sites;
Never press on unidentified links;
Download applications only from secure websites;
Never install software cracks from peer-to-peer (P2P) portals;
Do not click on advertisements that pop up while browsing;
Schedule regular computer system scans with an antivirus.

AnarchyGrabber malware removal process

The most dangerous aspect of this malware is that it is designed to avoid detection by antivirus software. The AnarchyGrabber removal process consists of two parts, and both manual and automatic elimination are required. This way you can be sure that you have uninstalled the malware and protected your accounts along with the information in them. Start the first part of the removal process by installing a professional and strong antivirus program. If you already have one, please open it and start an entire system check to detect virus-related elements. The security software should quarantine and remove Anarchy Grabber Stealer for you. The second part of the process requires you to uninstall the Discord application and get rid of related files. Afterwards, reinstall the software by downloading a new executable file from the official website. You must also change your Discord account’s password to make sure that the attackers cannot access it. Finally, you should create new passwords for all other accounts that you use, since it is impossible to detect which passwords have been stolen. Otherwise, cybercriminals can hijack your social media or online banking and cause significant damage. You can follow the steps below to make sure that you complete malware removal correctly.

Method 1. Enter Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot a PC in Safe Mode with Networking, but you can find additional ones in this in-depth tutorial on our website: How to Start Windows in Safe Mode. Now, you can search for and remove AnarchyGrabber files. It is very hard to identify files and registry keys that belong to the virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. We recommend using SYSTEM MECHANIC ULTIMATE DEFENSE, which can also restore deleted files. Additionally, we recommend repairing virus damage using RESTORO.

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically. After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won’t be any malware remnants, but it never hurts to double-check.