TroubleGrabber is a recently discovered malware that spreads via Discord attachments and uses Discord webhooks for data exfiltration. The security researchers at Netskope, the American cyber security firm have spotted this new credential stealer TroubleGrabber that uses Discord webhooks to transfer stolen data to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. The functionalities of this malware is very similar to the AnarchyGrabber, another info stealer.
TroubleGrabber is distributed via drive-by download and the malware is able to steal web browser tokens, Discord webhook tokens, web browser passwords, and system information. All this collected information is sent by the malware through chat messages using Discord webhooks to the attackers’ Discord servers.
TroubleGrabber was discovered in October 2020 by security researchers at Nesktope while analyzing Discord threats. The experts identified more than 5,700 public Discord attachment URLs hosting malware. Researchers said that the malware is created by a threat actor who goes by the name of Itroublve. NetSkope also discovered that the author of the malware currently runs a Discord server with 573 members, and hosts next stage payloads and the malware generator’s on their public GitHub account.