There’s always more information about how to keep your Discord account safe. With the help of a few malware variations and the npm open-source repository, cybercriminals have discovered a new way to steal your Discord account.
The thieves have developed four harmful packages that disseminate two distinct malware variants. Volt Stealer and Lofy Stealer.
These packages have been made available through the repository, where numerous developers are utilizing them. Once incorporated, the virus will try to collect various pieces of information from the victims. Such as credit card numbers, Discord tokens, and other kinds of delicate and perhaps identifying information.
Monitoring changes to passwords to keep your Discord account safe
According to Kaspersky, malicious software is made for simple tasks like formatting headlines or some gaming features. But as the researchers dug deeper, they found malicious JavaScript and Python code that had been obscured. Both Lofy Stealer and VoltStealer were created using JavaScript.
Discord tokens are taken from hacked endpoints by VoltStealer. Additionally, it seizes the IP addresses of the victims and uploads them using HTTP.
On the other hand, Lofy Stealer has the capacity to infect Discord client files and watch the victims’ activities. It can keep track of when a user logs in, updates their login information (including their email and password), modifies or disables multi-factor authentication, or adds a new payment method that includes credit card information. Then, all of this information is uploaded to a distant server.
Discord is the preferred messaging app for developers, gamers, and fans of blockchain and NFT, therefore threat actors love to target it. As a result, it is rife with opportunities for fraud that might be quite profitable.
On the other hand, the npm repository is a widely used open-source code library that is utilized by many developers when creating front-end web applications, mobile applications, bots, or routers. It appears that the JavaScript community relies significantly on npm, which makes LofyLife even riskier.
Leave a Reply