Cybercriminals have found a new way to steal your Discord account, using the open source npm repository along with several malware options.
According to Kaspersky, which first noticed the campaign called LofyLife, criminals have created four malicious packages that distribute two different variants of the malware: Volt Stealer and Lofy Stealer.
These packages have been distributed through a repository where they are hosted by various developers. Once integrated, the malware will seek to obtain various information from victims, including Discord tokens, credit card information, and other types of sensitive and potentially identifiable data.
Password change tracking
Kaspersky says the malicious packages are designed to perform basic tasks, such as formatting headers or certain game functions. However, digging deeper than the surface, the researchers discovered a tangle of JavaScript and Python malware. VoltStealer was written in Python and Lofy Stealer in JavaScript.
VoltStealer steals Discord tokens from compromised endpoints. It also captures victims’ IP addresses and downloads them via HTTP.
Lofy Stealer, on the other hand, can infect Discord client files and monitor the victim’s activities. It can track when a user logs in, changes their login details (both email and password), changes or disables multi-factor authentication, or adds a new payment method, including credit card details. All this data is then uploaded to a remote server.
Threat actors love to attack Discord, as it is a communication platform for developers, gamers, and blockchain and NFT fans. As such, it is filled with potentially lucrative fraud opportunities.
On the other hand, the npm repository is a public open source code library used by many developers when building front-end web applications, mobile applications, bots or routers. The JavaScript community seems to depend heavily on npm, which makes LofyLife that much more dangerous.
https://www.techradar.com/news/hackers-have-found-a-new-way-to-hijack-your-discord-account/