Skip to main content

Hackers have found a new way to hijack your Discord account

Cybercriminals have found a new way to steal your Discord account using the npm open-source repository alongside a couple of malware variants.

As reported by Kaspersky, which first spotted the campaign it dubbed LofyLife, the criminals have  created four malicious packages that spread two different malware variants: Volt Stealer, and Lofy Stealer. 

These packages have been distributed through the repository, where they’re being adopted by various developers. Once integrated, the malware will seek to harvest different information from the victims, including Discord tokens, credit card information, and other types of sensitive, and potentially identifiable data. 

Tracking password changes

Kaspersky says the malicious packages are designed for basic tasks, such as formatting headlines, or some gaming functions. However, digging deeper from the surface, the researchers discovered obfuscated malicious JavaScript and Python code. VoltStealer was written in Python, and Lofy Stealer in JavaScript.

VoltStealer is the one stealing Discord tokens from compromised endpoints. Besides that, it also grabs the victims’ IP addresses and uploads them via HTTP. 

Lofy Stealer, on the other hand, has the ability to infect Discord client files and monitor the victims’ actions. It can track when the user logs in, changes their login details (both email and password), when they change or disable multi-factor authentication, or add a new payment method, including the details of the credit card. All of this data is then uploaded to a remote server.

Threat actors love attacking Discord, as it’s the go-to communications platform for developers, gamers, and blockchain and NFT aficionados. As such, it’s filled with potentially lucrative fraud opportunities. 

The npm repository, on the other hand, is a public library of open-source code, used by many developers building front-end web apps, mobile apps, bots, or routers. The JavaScript community is seemingly heavily dependent on npm, making LofyLife that much more dangerous.

Source: TechRadar

Popular posts from this blog

Follow these steps to connect a Pro Controller to your Android phone

Playing games on your smartphone is one of the best ways to entertain yourself. However, it can be tough to play with some games when you're just tapping on a screen. Fortunately, it's possible to sync up a traditional controller. That's where it's nice to connect your Nintendo Switch Pro Controller and get playing on the best gaming phones . By the way, the Playstation 4 controller as well as the Xbox One controller are also compatible with Android devices, if you'd prefer to use one of those. Note: You will only be able to use a Pro Controller if your phone is running Android 10 and if the game you're playing supports controllers. Additionally, the process for syncing the controller with your phone will be different from one phone to the next. How to use Switch controller on Android: Sync Pro Controller to your phone via Bluetooth Do keep in mind that some Android games — including some of the most popular titles like Genshin Impact — don't act

FCC approves broadband 'nutrition labels' to help you shop for internet

The FCC is pushing nutrition labels for internet providers. What you need to know The FCC has voted to move forward with new rules for ISPs to display nutrition labels. The proposed rulemaking would mandate ISPs to display relevant speed and pricing information to consumers. This should make it easier for consumers to make an informed decision on their broadband. The FCC voted unanimously on a plan that would allow consumers to make better decisions about their broadband internet. The proposal will require internet service providers (ISPs) - including many of the best wireless carriers in the U.S. — to display "nutrition labels" that display relevant service information for consumers at point-of-sale. This includes internet speeds, allowances, and clear information on rates. "If you walk into any grocery store and pull boxes of cereal from the shelves, you can easily compare calories and carbohydrates," FCC Chair Jessica Rosenworcel said in a statemen

I replaced my Steam Deck’s noisy fan and am so happy I did

Photo by Sean Hollister / The Verge 160 hours into Elden Ring, I’m sure of one thing: the single most annoying thing about my Steam Deck is its whiny fan. And now, I’m so happy to report there’s a way to fix it. It takes roughly 15 minutes and $30 — depending on where you live — to install a replacement fan from iFixit. Five days ago, the repair company finally got a large shipment of those fans , and I bought one right away. Now, my Steam Deck’s tiny screech is gone. Is the fan still loud? Yes, yes it is, but it’s a whoosh instead of a whine. I like to think of it as the sound of air escaping the Deck’s vents, but mostly, I don’t think about it at all. I can easily tune out the new whoosh, whereas the whine always managed to get my attention even after Valve tweaked its software to bring the fan noise down. In fact, the new fan has less whine than the electrical tape trick I showed you in April , and — YMMV — seems to be oh-so-slightly quieter overall. I did an admittedly

You can make your new Pixel look like a Teenage Mutant Ninja Turtle

A cool thing about Google’s Pixel 6 series phones is their unique camera bar design . If the finish of that strip were a different color than black — specifically blue, orange, purple, or red — it would totally look kind of like the Teenage Mutant Ninja Turtles . And now that you can’t unsee the resemblance, device outfitter Dbrand would like to help make your Pixel 6 device look like one of your favorite childhood heroes. With Google’s latest phone the Pixel 6a releasing next week , Dbrand decided it's a good time to revisit the sewers and launch its Teenage Mutant Ninja Pixels decals for all three phones. They match the green heroes-in-a-half-shell plus their masks, and include four camera decal strips that reflect the colors of Leonardo, Michelangelo, Donatello, and Raphael. Personally, I think the Pixel 6a’s two-camera array does the best job looking like proper eyes (the spidery camera array of the Pixel 6 and 6 Pro, not so much). Available now for the Pixel 6a: https://