The malicious NPM packages used in this supply chain attack can steal Discord tokens and financial data.
Discord, as you may already know, is a VoIP and instant messaging social platform. It is used by millions of users across the globe, which makes it a lucrative target for cybercriminals. Just this week, it was reported that hackers are using bots on Discord and Telegram data
Now, Kaspersky researchers have discovered a new malicious campaign, which they have dubbed LofyLife. They discovered this campaign on 26 July through the internal automated system for monitoring open-source repositories.
The objective of this campaign is to collect sensitive user data, including Discord tokens and credit card details, and to spy on users.
What is an NPM Repository?
Analysis of the Malicious Packages
The malicious packages identified in the NPM repository featured obfuscated code. The Python malware is reportedly a modified version of the open-source Volt Stealer token logger. This malware steals Discord tokens from compromised devices. It can also steal the victim’s IP address and upload it over HTTP.
The stolen Discord tokens may be leveraged in spear-phishing attacks on the victim’s contacts since even a novice developer can import malicious packages without alerting the user. That’s because NPM provides a massive library of open-source packages for code enhancement. These packages are easy to use, which has made them a popular target.
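As an added example (not code from Kaspersky or from the original article), the sketch below triages a dependency's source text for the three traits described above: obfuscated code, references to Discord, and outbound HTTP. The patterns, thresholds, function names and sample strings are all assumptions constructed for illustration.

```javascript
// Heuristic triage of package source for review before it is installed or
// shipped. Patterns and thresholds are assumptions, not Kaspersky's rules.

// Obfuscator-style identifiers (_0x3fa2) and hex-escaped string literals.
const HEX_IDENT = /\b_0x[0-9a-f]{3,}\b/gi;
const HEX_ESCAPE = /\\x[0-9a-f]{2}/gi;
// Any mention of Discord in a package that has no reason to touch it.
const DISCORD_REF = /discord/i;
// Outbound network use from a dependency.
const NETWORK_REF = /\brequire\(\s*["'](https?|node-fetch|axios|request)["']\s*\)|\bfetch\s*\(/;

function countMatches(text, regex) {
  const m = text.match(regex);
  return m ? m.length : 0;
}

// Returns the list of indicators found in one source file.
function triageSource(source) {
  const longestLine = source
    .split("\n")
    .reduce((max, line) => Math.max(max, line.length), 0);
  const hexTokens =
    countMatches(source, HEX_IDENT) + countMatches(source, HEX_ESCAPE);
  const findings = [];
  // Dense hex identifiers or one huge line suggest machine-obfuscated code.
  if (hexTokens >= 5 || longestLine > 2000) findings.push("obfuscated");
  if (DISCORD_REF.test(source)) findings.push("discord-reference");
  if (NETWORK_REF.test(source)) findings.push("network-access");
  return findings;
}

// Escalate only when obfuscation coincides with another trait; a readable
// Discord client library or HTTP helper alone is not flagged.
function needsReview(source) {
  const findings = triageSource(source);
  return findings.includes("obfuscated") && findings.length >= 2;
}

// Constructed samples (not taken from the LofyLife packages).
const SAMPLE_SUSPECT = [
  'const _0x1a2b = require("https");',
  'const _0x3c4d = "\\x64\\x69\\x73\\x63\\x6f\\x72\\x64";',
  'const _0x5e6f = "discord";',
  "function _0x7a8b(_0x9c0d) { return _0x1a2b.request(_0x9c0d); }",
].join("\n");
const SAMPLE_BENIGN =
  'const https = require("https");\nmodule.exports = (url, cb) => https.get(url, cb);';

console.log(triageSource(SAMPLE_SUSPECT), needsReview(SAMPLE_SUSPECT));
console.log(triageSource(SAMPLE_BENIGN), needsReview(SAMPLE_BENIGN));
```

A hit is a prompt for manual review of the package, not proof of malice; minified but legitimate bundles can also trip the obfuscation check.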