![]() ![]() Here are some suggestions to help combat this exploit. My main account got compromised because of this as well, and by doing some research it revealed some major security flaws that Discord has. If this was your alt account and you are concerned about it, I suggest you just delete it. The malware AnarchyGrabber that compromises user login tokens has been spreading since 2020 and it is recently spiking again. What this could of done is sent your token to the attacker or setup to intercept your network requests from discord (ie. That was pretty stupid if you did not understand the code. Another problem could be the code you might have pasted into console that gives you your token. I'm not great at malware or mischievous software, but to remove it, probably reinstall your OS like mentioned by bluewave41. If you ran the code locally on your computer then it could of downloaded scripts that remain on your computer that refresh every time your token changes. The simple fix is to stop running the code. Therefore, they constantly have access to your account. Feature List Token-Checker Token-Generator Exploit-Tab Selfbot 12+ commands Webhook-Spammer Auto-Bumper Message-Logger &. What must be happening here is that you keep putting your user token in the replit to run the code, and every time you run the code, it's sending your token to the attacker. NEVER trust any code asking for your user token that you don't understand. For it to work the user needs to understand what they've just done and the general Discord user will not be technical enough for this. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects. That exact reason is why implementing a button to regenerate your token doesn't make sense. A threat actor updated the AnarchyGrabber trojan into a new version that steals passwords and user tokens, disables 2FA, and spreads malware to a victim's friends. To associate your repository with the anarchy-grabber topic, visit your repo's landing page and select 'manage topics.' GitHub is where people build software. The reason mass DM clients work is because people don't realize they've just given their token away. The script defines classes including: The grabdiscord class serves as an entry point for initializing and uploading. Now you need to ask yourself: is someone who is dumb enough to scan a random QR code and ignore all the very obvious warning messages given to them smart enough to realize they gave their token away? The discordtokengrabber.py, python script is designed for the extraction and potential uploading of Discord user tokens and related information from various Discord-related directories and files on a Windows system. You cannot (bar some crazy zero day exploit) get someone's token by simply sending them an image without any interaction. Now by image token grabber I have to assume you're referring to QR codes. If someone was to run an unknown malicious script they need to change their password which changes their token. There is no telling what this script may have done. ![]() ![]() First off, the console already has a very large clear warning deterring anyone from running an unknown script. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |