Mercurial Grabber.exe May 2026

Distributed via phishing emails or "freeware" links in YouTube descriptions and Discord servers. Typical Infection Cycle

Some variants copy themselves to %APPDATA%\Local\Temp and add a registry key to ensure they run every time the computer reboots. Mercurial Grabber.exe

Specifically targets Minecraft (launch profiles) and Roblox (.ROBLOSECURITY cookies) to hijack gaming sessions. Distributed via phishing emails or "freeware" links in

Fake "FiveM" cheats, Minecraft mods, or Roblox exploits. Cracked Software: Keygens or installers for paid software. Mercurial Grabber.exe

Mercurial Grabber is designed for "smash-and-grab" operations, focusing on the following targets:

The user runs the .exe . It may show a fake error message or a simple GUI to appear legitimate.

Scrapes local LevelDB files to steal Discord authentication tokens, allowing attackers to bypass 2FA and take over accounts.