Kaspersky researchers have unearthed yet another supply chain attack campaign employing multiple malicious npm packages, this time targeting Discord users to steal their payment card information.
The malware employed in these attacks is a modified version of an open-source and Python-based Volt Stealer token logger and JavaScript malware dubbed Lofy Stealer.
“The Python malware is a modified version of an open-source token logger called Volt Stealer. It is intended to steal Discord tokens from infected machines and the victim’s IP address and upload them via HTTP,” reads the analysis published by Igor Kuznetsov and Leonid Bezvershenko.
The malware monitors the victims’ actions, such as Discord logins, attempts to change the credentials, multi-factor authentication (MFA) toggles, or the addition of new payment methods to steal Discord accounts and payment information.
Subsequentl
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: