"Malicious Npm Packages Designed to Steal Discord Tokens"

Security researchers at Kaspersky have discovered yet another supply chain attack campaign using malicious npm packages, this time targeting Discord users. The researchers said they identified four suspicious packages in the popular npm repository. They named the campaign, which features malicious, obfuscated Python and JavaScript code, LofyLife. The campaign's purpose appears to be to steal Discord tokens and users' card data. The researchers noted that the Python malware is a modified version of an open-source token logger called Volt Stealer. It is intended to steal Discord tokens from infected machines, along with the victim's IP address, and upload them via HTTP. The researchers stated that the JavaScript malware, which they dubbed "Lofy Stealer," was created to infect Discord client files in order to monitor the victim's actions. The malware detects when a user logs in, changes their email or password, enables or disables multi-factor authentication (MFA), or adds new payment methods, including complete bank card details. The collected information is also uploaded to a remote endpoint whose address is hard-coded.

 

Infosecurity reports: "Malicious Npm Packages Designed to Steal Discord Tokens"

Submitted by Anonymous on