
Researchers at the cybersecurity firm Checkmarx have managed to map out a complex web of criminal activity that all ties back to a threat actor known as LofyGang. This group of cybercriminals caters to other nefarious actors and Discord users by offering hacking tools, Discord-related npm packages, and other services for free. However, these tools, packages, and services come with a hidden cost, which is the theft of users’ account and credit card credentials.

The researchers discovered at least 200 malicious npm packages uploaded to the official npm website by various sock puppet accounts belonging to LofyGang. These npm packages mimic legitimate packages that help users interact with the Discord API. LofyGang tricks users into installing these malicious packages rather than legitimate ones by uploading multiple versions of its packages with different misspellings of popular packages. The group also ties its npm packages to active and reputable GitHub repositories in order to lend their malicious packages credibility on the npm website. An unsuspecting user who accidentally inputs a typo when searching for a legitimate package may stumble upon a listing for one of these malicious packages, not notice the misspelling, and end up installing the package. Unfortunately for those who install these malicious npm packages, the packages serve to steal users’ account and credit card credentials.

However, rather than directly containing malicious code, these packages instead depend on secondary packages which contain malicious code. Hiding malware in dependencies this way means that the original malicious packages are less likely to be reported as malicious and removed from the npm website. If one of the malicious dependencies is reported and removed, the threat actor can simply upload a new malicious dependency and push out an update to the original npm package downloaded by the user directing it to rely on this new malicious dependency.

In addition to malicious npm packages, LofyGang distributes malicious hacking tools on GitHub. Similar to the npm packages, the hacking tools tend to be Discord-related. These tools also have malicious dependencies that steal account and credit card credentials. LofyGang promotes these tools on various platforms, including YouTube, where the group uploads tutorials for the tools.

Another avenue for promoting LofyGang’s malicious hacking tools is the group’s Discord server, which has been in operation since October of 2021. Users can join this Discord server to receive help using the tools. The server also features a Discord bot that can grant users a free subscription to Discord Nitro using stolen credit card credentials.
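
Because the malicious code sits in a secondary package, a review that only reads the names a project lists directly will not see it. The following is an added example, not code from Checkmarx or from the original article: it walks every entry of an npm lockfile, direct or transitive, and flags installed names within a small edit distance of a package the project intends to use. The lockfile, the watchlist and every package name other than discord.js are constructed for illustration.

```javascript
// Constructed npm lockfile (v3 layout). Every package name except discord.js
// is invented for this example.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "discord.js": "^14.0.0", "example-embed-helper": "^1.0.0" } },
    "node_modules/discord.js": { version: "14.0.0" },
    // The lookalike is hidden one level down, as a dependency of a dependency.
    "node_modules/example-embed-helper": { version: "1.0.2", dependencies: { "discrod.js": "^1.0.0" } },
    "node_modules/discrod.js": { version: "1.0.0" },
  },
};
const WATCHLIST = ["discord.js"]; // assumption: names the project means to use

// "node_modules/a/node_modules/@s/b" -> "@s/b"
const nameOf = (path) => path.slice(path.lastIndexOf("node_modules/") + 13);

// Levenshtein edit distance using two rolling rows.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Check every installed package, direct or transitive, and report names that
// are close to, but not the same as, a watchlisted name.
function findLookalikes(lock, watchlist, maxDistance = 2) {
  const entries = Object.entries(lock.packages).filter(([path]) => path !== "");
  const direct = new Set(Object.keys(lock.packages[""]?.dependencies ?? {}));
  const findings = [];
  for (const [path] of entries) {
    const name = nameOf(path);
    for (const legit of watchlist) {
      const distance = editDistance(name, legit);
      if (distance === 0 || distance > maxDistance) continue;
      const pulledInBy = entries
        .filter(([, meta]) => name in (meta.dependencies ?? {}))
        .map(([parent]) => nameOf(parent));
      findings.push({ name, resembles: legit, distance, direct: direct.has(name), pulledInBy });
    }
  }
  return findings;
}
```

On the sample, the single finding has `direct: false`, which is the case a review of `package.json` alone would miss.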
