1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers have found a new way to hijack your Discord account

    From TechnologyDaily@1337:1/100 to All on Mon Aug 1 23:00:04 2022
    Hackers have found a new way to hijack your Discord account

    Date:
    Mon, 01 Aug 2022 21:51:58 +0000

    Description:
    Malicious npm packages designed to steal Discord tokens are becoming sadly common.

    FULL STORY ======================================================================

    Cybercriminals have found a new way to steal your Discord account using the npm open-source repository alongside a couple of malware variants.

    As reported by Kaspersky, which first spotted the campaign it dubbed
    LofyLife, the criminals have created four malicious packages that spread two different malware variants: Volt Stealer, and Lofy Stealer.

    These packages have been distributed through the repository, where theyre being adopted by various developers. Once integrated, the malware will seek
    to harvest different information from the victims, including Discord tokens, credit card information, and other types of sensitive, and potentially identifiable data. Tracking password changes

    Kaspersky says the malicious packages are designed for basic tasks, such as formatting headlines, or some gaming functions. However, digging deeper from the surface, the researchers discovered obfuscated malicious JavaScript and Python code. VoltStealer was written in Python, and Lofy Stealer in JavaScript.

    VoltStealer is the one stealing Discord tokens from compromised endpoints. Besides that, it also grabs the victims IP addresses and uploads them via HTTP.

    Lofy Stealer, on the other hand, has the ability to infect Discord client files and monitor the victims actions. It can track when the user logs in, changes their login details (both email and password ), when they change or disable multi-factor authentication , or add a new payment method, including the details of the credit card. All of this data is then uploaded to a remote server. Read more

    Kids are earning pocket money selling malware on Discord


    Discord tokens are being targeted by malicious npm packages


    Keep your business safe with the best endpoint protection

    Threat actors love attacking Discord, as its the go-to communications
    platform for developers, gamers, and blockchain and NFT aficionados. As such, its filled with potentially lucrative fraud opportunities.

    The npm repository, on the other hand, is a public library of open-source code, used by many developers building front-end web apps, mobile apps, bots, or routers. The JavaScript community is seemingly heavily dependent on npm, making LofyLife that much more dangerous. These are the best ID theft protection services right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/hackers-have-found-a-new-way-to-hijack-your-dis cord-account/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)