Mercurial Grabber.exe Apr 2026

Mercurial Grabber.exe Apr 2026

Scrapes local LevelDB files to steal Discord authentication tokens, allowing attackers to bypass 2FA and take over accounts.

Specifically targets Minecraft (launch profiles) and Roblox (.ROBLOSECURITY cookies) to hijack gaming sessions. Mercurial Grabber.exe

Distributed via phishing emails or "freeware" links in YouTube descriptions and Discord servers. Typical Infection Cycle Scrapes local LevelDB files to steal Discord authentication

It silently scans for the targeted files and browser databases. they disguise it as:

Attackers rarely name the file "Mercurial Grabber.exe" when sending it to victims. Instead, they disguise it as: