Cyber criminals have found a new way to steal your Discord account using the npm open-source repository alongside some malware variants.
As reported by Kaspersky, which first saw the campaign and named it LofyLife, the criminals have created four malicious packages that distribute two different malware variants: Volt Stealer and Lofy Stealer.
These packages are distributed through the repository, where they are adopted by various developers. Once integrated, the malware attempts to collect various information from the victims, including Discord tokens, credit card details, and other types of sensitive and potentially identifiable data.
Track password changes
Volt Stealer is the one that steals Discord tokens from compromised endpoints. It also grabs the IP addresses of the victims and uploads them via HTTP.
Lofy Stealer, on the other hand, has the ability to infect Discord client files and track the actions of the victims. It can track when the user logs in, changes their login details (both email address and password), changes or disables multi-factor authentication, or adds a new payment method, including credit card details. All this data is then uploaded to a remote server.
Threat actors love to attack Discord as it is the communication platform for developers, gamers and blockchain and NFT enthusiasts. As such, it is filled with potentially lucrative fraud opportunities.