Grabber.exe — Mercurial

Key Capabilities

Mercurial Grabber is designed for "smash-and-grab" operations, focusing on the following targets:

Extracts stored passwords, cookies, and autofill data from popular browsers like Google Chrome, Opera, Brave, and Yandex.

Specifically targets Minecraft (launch profiles) and Roblox (.ROBLOSECURITY cookies) to hijack gaming sessions.

Primarily uses Discord Webhooks to exfiltrate stolen data directly to an attacker-controlled Discord channel.

The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook.

Risk Mitigation

If you suspect an infection:

Use reputable tools like Malwarebytes or Windows Defender to locate and remove the executable and its registry entries.

Never download software from unofficial sources, especially those that ask you to disable your antivirus before running.
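A defender-side way to hunt for the exfiltration path described above is to look for POST requests to Discord webhook endpoints in web proxy logs. The following is an added example, not code from the original page: the log layout, hostnames, allowlist and sample lines are constructed, and it assumes the proxy records full URLs (TLS inspection).

```python
import re
from collections import defaultdict
# Discord webhook endpoint: /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_RE = re.compile(
    r"^https://(?:[a-z0-9-]+\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/(\d+)/[\w-]+", re.I)
# Assumed log layout (constructed): ts host method url bytes_out "user-agent"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) "([^"]*)"$')
# Heuristic only: a user-agent string is client-controlled and can be spoofed.
BROWSER_UA_RE = re.compile(r"^Mozilla/5\.0 .*(?:Chrome|Firefox|Safari)/")
# Constructed sample lines; hostnames, webhook IDs and tokens are placeholders.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z WS-014 GET https://discord.com/channels/@me 0 "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"
2024-01-01T10:02:13Z WS-014 POST https://discord.com/api/webhooks/100000000000000001/PLACEHOLDER-token_A 48211 ""
2024-01-01T10:02:14Z WS-014 POST https://discordapp.com/api/v10/webhooks/100000000000000001/PLACEHOLDER-token_A 903114 ""
2024-01-01T10:05:40Z CI-01 POST https://discord.com/api/webhooks/200000000000000002/PLACEHOLDER-token_B 512 "python-requests/2.31"
2024-01-01T10:06:02Z WS-022 POST https://discord.com.example.net/api/webhooks/1/x 10 "curl/8.0"
"""

def find_webhook_posts(log_text, allowed_hosts=frozenset()):
    """Return POSTs to Discord webhook endpoints from hosts not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, host, method, url, size, agent = m.groups()
        hook = WEBHOOK_RE.match(url)
        if method.upper() != "POST" or not hook or host in allowed_hosts:
            continue
        findings.append({
            "ts": ts, "host": host, "webhook_id": hook.group(1),
            # The token is a credential for the webhook: keep it out of alerts.
            "url": url[:hook.end(1)] + "/<redacted>",
            "bytes_out": int(size),
            "non_browser_agent": BROWSER_UA_RE.match(agent) is None,
        })
    return findings

def summarize(findings):
    """Aggregate per (host, webhook_id): request count and total bytes sent."""
    totals = defaultdict(lambda: {"posts": 0, "bytes_out": 0})
    for f in findings:
        key = (f["host"], f["webhook_id"])
        totals[key]["posts"] += 1
        totals[key]["bytes_out"] += f["bytes_out"]
    return dict(totals)

if __name__ == "__main__":
    for key, stats in summarize(find_webhook_posts(SAMPLE_LOG, {"CI-01"})).items():
        print(key, stats)
```

Hosts that legitimately post to webhooks, such as the hypothetical `CI-01` build server here, belong on the allowlist; a workstation sending large POST bodies to a webhook ID nobody in the organisation owns is worth triage.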