Scrapes local LevelDB files to steal Discord authentication tokens, allowing attackers to bypass 2FA and take over accounts.
The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook.

Risk Mitigation

If you suspect an infection:
Extracts stored passwords, cookies, and autofill data from popular browsers like Google Chrome, Opera, Brave, and Yandex.

Mercurial Grabber.exe
The file is the compiled output of an open-source information stealer (infostealer) originally published on GitHub in 2021. While its creators claimed it was for "educational purposes," it has been widely adopted by threat actors to steal personal data from gamers and casual web users.
Some variants copy themselves to %APPDATA%\Local\Temp and add a registry key to ensure they run every time the computer reboots.
Primarily uses Discord Webhooks to exfiltrate stolen data directly to an attacker-controlled Discord channel.

Key Capabilities
It silently scans for the targeted files and browser databases.
Written in C# (C Sharp) using the .NET framework, making it relatively easy to reverse-engineer if it isn't obfuscated.
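
A detection sketch for the webhook exfiltration described above, added here as an example and not part of the original page: it scans proxy log lines for HTTP POSTs to Discord webhook endpoints made by processes outside an allowlist. The log format, host names, process names and the allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Discord webhook endpoints look like /api/webhooks/<numeric id>/<token>,
# optionally with an API version segment (/api/v10/webhooks/...).
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/[\w-]+")
DISCORD_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
# Assumption: the only software in this environment expected to post to webhooks.
ALLOWED_PROCESSES = {"ci-notifier.exe"}

# Constructed sample input: timestamp, host, process, method, URL (space separated).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z WS-014 Discord.exe GET https://discord.com/api/v9/users/@me
2024-05-01T10:00:07Z WS-014 update_helper.exe POST https://discord.com/api/webhooks/123456789012345678/EXAMPLE-token_value
2024-05-01T10:02:30Z BUILD-02 ci-notifier.exe POST https://discord.com/api/webhooks/987654321098765432/EXAMPLE-ci_token
2024-05-01T10:03:00Z WS-020 chrome.exe POST https://example.com/api/webhooks/1/abc
2024-05-01T10:04:12Z WS-031 svc.exe POST https://discordapp.com/api/v10/webhooks/111111111111111111/EXAMPLE-other
"""

def find_webhook_posts(log_text, allowed=ALLOWED_PROCESSES):
    """Return POSTs to Discord webhook endpoints from processes not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole scan
        ts, host, process, method, url = parts
        if method.upper() != "POST":
            continue
        target = urlsplit(url)
        match = WEBHOOK_PATH.match(target.path)
        if (target.hostname or "") not in DISCORD_HOSTS or not match:
            continue  # not a Discord webhook endpoint
        if process.lower() in allowed:
            continue
        # Keep the webhook id for the incident record; the token is a secret
        # and is deliberately not copied into the finding.
        findings.append({"time": ts, "host": host, "process": process,
                         "webhook_id": match.group(1)})
    return findings

if __name__ == "__main__":
    for finding in find_webhook_posts(SAMPLE_LOG):
        print(finding)
```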