Wani sabon nau'in malware na AnarchyGrabber ya juya Discord (manzon nan take kyauta wanda ke goyan bayan VoIP da taron bidiyo) zuwa barawon asusu. Malware yana canza fayilolin abokin ciniki na Discord ta hanyar da za a sata asusun mai amfani lokacin shiga cikin sabis ɗin Discord kuma a lokaci guda ya kasance mara ganuwa ga riga-kafi.
Ana yada bayanai game da AnarchyGrabber akan dandalin masu fashin baki da bidiyon YouTube. Jigon manhajar shine cewa idan aka ƙaddamar da shi, malware ɗin yana satar alamun mai amfani na mai amfani da Discord mai rijista. Ana mayar da waɗannan alamun zuwa tashar Discord a ƙarƙashin ikon maharin, kuma ana iya amfani da su don shiga tare da bayanan mai amfani na wani.
An rarraba asalin sigar malware azaman fayil mai aiwatarwa wanda shirye-shiryen riga-kafi ke ganowa cikin sauƙi. Don yin wahalar gano AnarchyGrabber ta riga-kafi da haɓaka rayuwa, masu haɓakawa sun sabunta ƙwalwarsu ta yadda yanzu ta canza fayilolin JavaScript da abokin ciniki Discord ke amfani da shi don shigar da lambar sa a duk lokacin da aka ƙaddamar da shi. Wannan sigar ta sami ainihin ainihin suna AnarchyGrabber2 kuma lokacin da aka ƙaddamar da shi, yana shigar da lambar ɓarna a cikin fayil ɗin "%AppData%Discord[version]modulesdiscord_desktop_coreindex.js".
Bayan gudanar da AnarchyGrabber2, canjin lambar JavaScript daga babban fayil na 4n4rchy zai bayyana a cikin fayil ɗin index.js, kamar yadda aka nuna a ƙasa.
Tare da waɗannan canje-canje, za a sauke ƙarin fayilolin JavaScript qeta lokacin da kuka ƙaddamar da Discord. Yanzu, lokacin da mai amfani ya shiga cikin manzo, rubutun zai yi amfani da ƙugiya ta yanar gizo don aika alamar mai amfani zuwa tashar maharin.
Abin da ya sa wannan gyare-gyare na abokin ciniki Discord ya zama irin wannan matsala shi ne cewa ko da an gano ainihin aiwatar da malware ta riga-kafi, fayilolin abokin ciniki za su riga an gyara su. Saboda haka, malicous code na iya zama a kan na'urar har tsawon lokacin da ake so, kuma mai amfani ba zai yi zargin cewa an sace bayanan asusunsa ba.
Wannan ba shine karo na farko da malware ke canza fayilolin abokin ciniki na Discord ba. A cikin Oktoba 2019, an ba da rahoton cewa wani yanki na malware shima yana canza fayilolin abokin ciniki, yana mai da abokin ciniki Discord zuwa Trojan na satar bayanai. A lokacin, mai haɓaka Discord ya bayyana cewa zai nemi hanyoyin da za a gyara wannan raunin, amma da alama har yanzu ba a warware matsalar ba.
Har sai Discord ya ƙara bincika amincin fayil ɗin abokin ciniki a farawa, asusun Discord zai ci gaba da kasancewa cikin haɗari daga malware wanda ke yin canje-canje ga fayilolin manzo.
source: 3dnews.ru