Hackers have found a new way to hack users’ account. To do this, they distribute fake packages capable of performing various tasks on the application, but which actually hides two malwares. One allows to recover the identifiers of the victim, the other to spy on his activity on the messaging system.
The crazy rise of Discord in recent years has come with an unfortunately predictable downside: the growing interest of hackers in the platform. Several reasons can explain this phenomenon: the popularity of messaging of course, but also its extensive use by cryptocurrency investors, ideal targets for hackers who covet their assets.
So it didn’t take long for Discord to become a real malware nest, and this new hacking method confirms it again. The goal of the hackers here is to gain access to the account of their victims. To do this, they have created several packages that they deposit in the npm manager, an open source code library that helps developers in their application or bot projects, to name a few.
Hackers have found a new way to steal your credentials
On the surface, these packets are quite normal. Hackers pass them off as plug-ins capable of performing various tasks, such as formatting text. In fact, these packages contain two particularly vicious malware: Volt Stealer and Lofy Stealer. The first aims to steal the victim’s login tokens, similar to the technique used by hackers to gain access to Twitter user accounts. The malware is also able to retrieve the target’s IP address.
On the same subject — Discord: children use the platform to sell malware!
Lofy Stealer, on the other hand, infects victims’ client files to allow hackers to track their activity on Discord. It is then possible for them to know when the user connects, when he activates double authentication or, even more serious, when he adds payment methods. All of this data is then uploaded to a third-party server, giving full access to the person’s sensitive information.