Avast WEBforum
Consumer Products => Avast Mac Security => Topic started by: drake145 on May 31, 2020, 03:14:03 PM
-
Good day All,
I ran a full deep scan today, and it detected a Trojan in the "index.js" file on the below path:
/Users/Home/Library/Application Support/discord/0.0.254/modules/discord_desktop_core
I ran a full Malwarebytes scan (with the file restored), but it found nothing. I've also submitted the file to the virus lab.
Below are the VirusTotal results:
https://www.virustotal.com/gui/file/7149e6ede44455dc5313351ba9081de69d2e3c1059501f8084a6960fc52fc1d9/detection
Avast version: 14.4
Definitions: 20053100
Is this a false positive?
-
I ran a full Malwarebytes scan (with the file restored), but it found nothing.
JS:AnarchyGrabber-A [TRJ] = JavaScript (JS). Malwarebytes does not target script, doc or media files.
Basic Properties
MD5 a0297bfafe6f99ddbc563d9f0e5a9f75
SHA-1 5fc5801cdb0fbf4aad69bb9e6f7b8957f664e872
SHA-256 7149e6ede44455dc5313351ba9081de69d2e3c1059501f8084a6960fc52fc1d9
SSDEEP 3:3BBBbJmAj+Pe:xBBMXm
File type Text
Magic ASCII text, with no line terminators
File size 40.00 B (40 bytes)
History
First Submission 2018-01-13 15:53:10
Last Submission 2019-10-28 00:49:31
Last Analysis 2020-05-31 17:00:01
It is old, so it seems like a false positive.
-
I found two articles from a few days ago regarding this file, and it would appear that Discord does have a vulnerability:
https://www.tripwire.com/state-of-security/security-data-protection/updated-anarchygrabber-steals-passwords-spreads-to-discord-friends/
https://www.informationsecuritybuzz.com/expert-comments/expert-on-anarchygrabber-trojan-update-stealing-discord-clients-passwords/
Since I am fairly certain that it is a false positive on my machine (based on the VirusTotal results and that I haven't opened Discord in a long time), I restored the file and opened it to look at the code. It opened my web browser and showed one line of code, exactly as indicated on the Tripwire website.
-
After updating to the latest virus definition, Avast no longer detects the file, so everything is OK now.
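
As an added example that is not part of the original thread: a small Python check that hashes every `discord_desktop_core/index.js` under the Discord support directory named in the first post and compares it with the SHA-256 and file size listed in the VirusTotal properties above. Treating those values as the reference for an unmodified file is an assumption, as are the function names, the second version directory and the constructed demo files.

```python
import hashlib
import tempfile
from pathlib import Path

# SHA-256 and size quoted in the thread's VirusTotal properties; treating them
# as the reference for a clean index.js is an assumption of this example.
REFERENCE_SHA256 = "7149e6ede44455dc5313351ba9081de69d2e3c1059501f8084a6960fc52fc1d9"
REFERENCE_SIZE = 40


def check_discord_core(discord_dir, ref_sha256=REFERENCE_SHA256, ref_size=REFERENCE_SIZE):
    """Return (path, verdict, sha256, size) for every
    <version>/modules/discord_desktop_core/index.js under discord_dir."""
    results = []
    pattern = "*/modules/discord_desktop_core/index.js"
    for path in sorted(Path(discord_dir).glob(pattern)):
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if digest == ref_sha256 and len(data) == ref_size:
            verdict = "matches-reference"
        else:
            # Changed or extra content in this loader file deserves a manual look
            verdict = "differs-review"
        results.append((str(path), verdict, digest, len(data)))
    return results


def demo():
    """Run the check on two constructed installs in a temp directory."""
    clean = b"x" * 40                    # constructed stand-in, not Discord's real file
    altered = clean + b"\n// appended"   # constructed: same file with extra content
    ref = hashlib.sha256(clean).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        # "0.0.255" is a constructed version directory for the demo
        for version, body in (("0.0.254", clean), ("0.0.255", altered)):
            core = Path(tmp, version, "modules", "discord_desktop_core")
            core.mkdir(parents=True)
            (core / "index.js").write_bytes(body)
        return [(Path(p).parts[-4], v, n) for p, v, _, n in check_discord_core(tmp, ref, 40)]


if __name__ == "__main__":
    for row in demo():
        print(row)
    # On a real Mac, point it at the directory from the first post:
    # check_discord_core(Path.home() / "Library/Application Support/discord")
```

A "differs-review" verdict only means the file is not byte-identical to the reference; a newer Discord build could legitimately ship different content, so inspect the file before drawing conclusions.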