TroubleGrabber Malware

TroubleGrabber, a new credential stealer discovered by Netskope security
researchers, spreads via Discord attachments and uses Discord webhooks
to deliver stolen information to its operators.Several threat actors use
the new info stealer to target gamers on Discord servers and to steal
their passwords and other sensitive information.

This malware, which primarily arrives via drive-by download, steals the
web browser tokens, Discord webhook tokens, web browser passwords, and
system information. This information is sent via webhook as a chat
message to the attacker’s Discord server. Based on the file names and
delivery mechanisms, TroubleGrabber is actively being used to target gamers.

Discord and Github are both used to download next stage payloads to the
C:/temp folder once a victim is infected with TroubleGrabber.
The malware also uses Discord webhooks to communicate with its
command-and-control (C2) server and to send the victims’ stolen information.
TroubleGrabber steals a wide range of important information including
“web browser tokens, Discord webhook tokens, web browser passwords, and
system information.”
All this collected information is sent by the malware through chat
messages using Discord webhooks to the attackers’ Discord servers.
The malware is created by a threat actor who goes by the name of Itroublve.

TroubleGrabber is known for primarily being delivered onto victims’
computers using drive-by downloads via Discord attachment links.

The Indicators Of Compromise (IOC’s) associated with TroubleGrabber is
available on Github –
https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/TroubleGrabber.

Reference and Acknowledge
https://www.netskope.com/blog/here-comes-troublegrabber-stealing-credentials-through-discord
https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/

Share