![]() “It detects when a user logs in, changes email or password, enables/disables multi-factor authentication (MFA) and adds new payment methods, including complete bank card details,” researchers Igor Kuznetsov and Leonid Bezvershenko wrote. The Python code turned out to be a modified version of the open-source token logger Volt Stealer, while the novel JavaScript malware–dubbed “LofyStealer”–was created to infect Discord client files so threat actors can monitor the victim’s actions, researchers said. Researchers were monitoring open-source repositories on Tuesday when they noticed suspicious activity in the form of four packages containing “highly obfuscated malicious Python and JavaScript code” in the npm repository, they wrote in the post. The campaign, dubbed LofyLife, is aimed at stealing Discord tokens as well as victims’ IP addresses from infected machines, they said in a blog post on Secure List published Thursday. Threat actors once again are using the node package manager (npm) repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found.Ī campaign discovered this week by Kaspersky researchers is hiding an open-source token logger alongside a novel JavaScript malware in npm packages.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |