Cybercriminals have found a new way to steal your Discord account using the open source npm repository along with several malware (opens in a new tab) options.
According to Kaspersky, which first noticed the campaign called LofyLife, criminals have created four malicious packages that distribute two different variants of the malware: Volt Stealer and Lofy Stealer.
These packages have been distributed through a repository where they are hosted by various developers. Once integrated, the malware will seek to obtain various information from victims, including Discord tokens, credit card information, and other types of sensitive and potentially identifiable data.
Password change tracking
VoltStealer is someone who steals Discord tokens from compromised endpoints. In addition, it also captures victims’ IP addresses and downloads them via HTTP.
On the other hand, Lofy Stealer has the ability to infect Discord client files and monitor the victim’s activities. It can track when a user logs in, changes their login details (both email and password (opens in a new tab)) when they are changed or disabled multi-factor authentication (opens in a new tab), or add a new payment method, including credit card details. All this data is then uploaded to a remote server.
Threat actors love to attack Discord, as it is a communication platform for developers, gamers, and blockchain and NFT fans. As such, it is filled with potentially lucrative fraud opportunities.