Mercurial Grabber.exe May 2026
Prioritize Discord, email, and gaming accounts. If you have 2FA enabled, your session tokens might still be at risk until you log out of all sessions.
Never download software from unofficial sources, especially those that ask you to disable your antivirus before running.
Collects machine info, including Windows product keys, IP addresses, hardware specs, and desktop screenshots.
Includes basic anti-debugging and anti-VM (Virtual Machine) checks to detect if it is being run by a security researcher in a sandbox.
It silently scans for the targeted files and browser databases.
Below is a technical breakdown of its typical behavior, delivery, and impact.
Malware Type: Infostealer / Credential Grabber.
Scrapes local LevelDB files to steal Discord authentication tokens, allowing attackers to bypass 2FA and take over accounts.
The file is the compiled output of an open-source information stealer (infostealer) originally published on GitHub in 2021. While its creators claimed it was for "educational purposes," it has been widely adopted by threat actors to steal personal data from gamers and casual web users.