Hackers have found a new way to hijack your Discord account
Scammers found distributing malicious npm packages
Cybercriminals have found a new way to steal your Discord account using the npm open-source repository alongside a couple of malware variants.
As reported by Kaspersky, which first spotted the campaign it dubbed LofyLife, the criminals have created four malicious packages that spread two different malware variants: Volt Stealer, and Lofy Stealer.
These packages have been distributed through the repository, where they’re being adopted by various developers. Once integrated, the malware will seek to harvest different information from the victims, including Discord tokens, credit card information, and other types of sensitive, and potentially identifiable data.
Tracking password changes
Kaspersky says the malicious packages are designed for basic tasks, such as formatting headlines, or some gaming functions. On closer inspection, however, the researchers discovered obfuscated malicious JavaScript and Python code. Volt Stealer was written in Python, and Lofy Stealer in JavaScript.
Volt Stealer is the one stealing Discord tokens from compromised endpoints. Besides that, it also grabs the victims’ IP addresses and uploads them via HTTP.
Lofy Stealer, on the other hand, has the ability to infect Discord client files and monitor the victims’ actions. It can track when the user logs in, changes their login details (both email and password), when they change or disable multi-factor authentication, or add a new payment method, including the details of the credit card. All of this data is then uploaded to a remote server.
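The two traits described above, obfuscated JavaScript and Python code shipped inside an npm package, can be turned into a quick review heuristic for dependencies. The following is an added example, not code from Kaspersky or from this article; the marker patterns, thresholds, function names and sample packages are all assumptions constructed for illustration.

```javascript
// Added example: heuristic triage of one npm package's files.
// Input is { relativePath: fileContent }; markers and thresholds are assumptions.
const OBFUSCATION_MARKERS = [
  /\b_0x[0-9a-f]{4,}\b/g,                // hex-style identifiers typical of JS obfuscators
  /\\x[0-9a-f]{2}/gi,                    // hex-escaped characters inside string literals
  /\beval\s*\(|\bnew\s+Function\s*\(/g,  // dynamic code execution
];
const MIN_MARKER_HITS = 5;    // assumed threshold
const MAX_LINE_LENGTH = 2000; // assumed threshold for a single source line

// Total number of obfuscation-marker matches in one source file.
function countMarkers(source) {
  return OBFUSCATION_MARKERS.reduce((n, re) => n + (source.match(re) || []).length, 0);
}

// Returns a list of findings that deserve manual review before the package is adopted.
function triagePackage(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    if (/\.(py|pyw|pyc)$/i.test(path)) {
      // Python code inside a JavaScript package is unusual for a simple utility.
      findings.push({ path, reason: 'python-file-in-npm-package' });
    } else if (/\.(js|cjs|mjs)$/i.test(path)) {
      const hits = countMarkers(content);
      const longest = content.split('\n').reduce((m, line) => Math.max(m, line.length), 0);
      if (hits >= MIN_MARKER_HITS || longest > MAX_LINE_LENGTH) {
        findings.push({ path, reason: 'obfuscated-js', hits, longest });
      }
    }
  }
  return findings;
}

// Constructed samples: a plain title formatter and a look-alike with suspicious traits.
const SAMPLE_CLEAN = {
  'package.json': '{"name":"example-title-formatter","version":"1.0.0"}',
  'index.js': 'module.exports = (s) => s.replace(/\\b\\w/g, (c) => c.toUpperCase());\n',
};
const SAMPLE_SUSPECT = {
  'package.json': '{"name":"example-title-formatter","version":"1.0.1"}',
  'index.js': String.raw`var _0x4a1f=['\x6c\x6f\x67','\x68\x69'];function _0x2b9c(_0x51d3){return _0x4a1f[_0x51d3];}eval(_0x2b9c(0x0));`,
  'lib/helper.py': 'print("placeholder")\n',
};

console.log(triagePackage(SAMPLE_SUSPECT));
```

Findings are prompts for manual review rather than verdicts: legitimately minified bundles also trip the line-length and marker checks.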
Threat actors love attacking Discord, as it’s the go-to communications platform for developers, gamers, and blockchain and NFT aficionados. As such, it’s filled with potentially lucrative fraud opportunities.
The npm repository, on the other hand, is a public library of open-source code, used by many developers building front-end web apps, mobile apps, bots, or routers. The JavaScript community is seemingly heavily dependent on npm, making LofyLife that much more dangerous.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.