CursedGrabber Malware

Posted: November 18, 2020

Malware that targets Discord continues to be popular among cybercriminals. One of the most recent threats to fit the profile is called the CursedGrabber Malware, and it was discovered in the first week of November 2020. The threat was hosted on the public 'npm' registry. 'Npm' is a package manager for JavaScript and the frameworks associated with it. The file in question, dubbed xpc.js, contained malicious code meant to take over the Discord installation on the victim's machine. Upon further analysis, malware experts identified several files associated with the newly identified CursedGrabber Malware: xpc.js, wsbd.js, ac-addon, discord.app and discord.dll.

The good news is that the malicious 'npm' package has been downloaded just over a hundred times, so the infection rate of the CursedGrabber Malware is likely to be relatively low. However, the criminals behind it may experiment with other propagation methods. It is not uncommon for malware of this type to be spread via malicious Discord links and attachments.

When the CursedGrabber Malware infiltrates a machine, it immediately tries to collect Discord tokens and other accessible Discord information. In addition, it tries to hijack the databases of Web browsers, giving attackers access to the victim's cookies, browsing history, autofill data and more. Last but not least, one of the CursedGrabber Malware's modules seems to look for saved payment information on compromised devices. All information that the CursedGrabber Malware exfiltrates from computers is transmitted via a Discord webhook to a Discord server controlled by the attackers.

Another component of the CursedGrabber Malware appears to still be under development, but it might soon be fully active. The module, dubbed 'lib2.exe,' is meant to download and execute a malicious file. These capabilities make the malware a very serious threat whose attack can cause devastating damage. To protect your system from the CursedGrabber Malware, you should install and activate a reputable anti-virus product.
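For teams that want to check installed 'npm' dependencies against the indicators described above, the following added example (not code from the malware or from any vendor) flags the file names reported in this article and any embedded Discord webhook URL. The `scanPackageFiles` function, the `{ path, content }` record shape and the sample records are assumptions made for illustration; a name match or a webhook URL alone is a lead for review, not proof of infection.

```javascript
// Added example. The file names are the ones listed in the article;
// the function names and sample records are constructed.
const REPORTED_NAMES = new Set([
  "xpc.js", "wsbd.js", "ac-addon", "discord.app", "discord.dll", "lib2.exe",
]);

// Discord webhook endpoints (discord.com or the legacy discordapp.com host).
const WEBHOOK_RE =
  /https?:\/\/(?:(?:ptb|canary)\.)?discord(?:app)?\.com\/api(?:\/v\d+)?\/webhooks\/\d+\/[\w-]+/gi;

// Last path component, lower-cased, for both "/" and "\" separators.
function baseName(p) {
  return p.split(/[\\/]/).pop().toLowerCase();
}

// files: [{ path, content }] -> [{ path, indicator, detail }]
function scanPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    const name = baseName(path);
    if (REPORTED_NAMES.has(name)) {
      findings.push({ path, indicator: "reported-file-name", detail: name });
    }
    for (const m of String(content || "").matchAll(WEBHOOK_RE)) {
      // Redact the token so the report does not carry a usable webhook.
      const redacted = m[0].replace(/\/[\w-]+$/, "/<redacted>");
      findings.push({ path, indicator: "discord-webhook-url", detail: redacted });
    }
  }
  return findings;
}

// Constructed sample input: IDs and tokens below are placeholders.
const SAMPLE_FILES = [
  { path: "node_modules/example-pkg/index.js", content: "module.exports = () => 42;" },
  { path: "node_modules/example-pkg/lib/xpc.js",
    content: "const hook = 'https://discord.com/api/webhooks/000000000000000000/CONSTRUCTED-token_value';" },
  { path: "node_modules\\other-pkg\\Discord.DLL", content: "" },
  { path: "node_modules/chat-bot/notify.js",
    content: "post('https://discordapp.com/api/v9/webhooks/111111111111111111/constructedToken')" },
];

for (const f of scanPackageFiles(SAMPLE_FILES)) {
  console.log(`${f.indicator}\t${f.path}\t${f.detail}`);
}
```

To scan a real project, read each file under `node_modules` into a `{ path, content }` record and pass the list to `scanPackageFiles`.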
