Security researchers have found yet another supply chain attack campaign using malicious npm packages, this time targeting Discord users.
Kaspersky said it identified four suspicious packages in the popular npm repository. It has named the campaign, which features malicious, obfuscated Python and JavaScript code, LofyLife.
The aim of the campaign appears to be to steal Discord tokens and users' card data.

"The Python malware is a modified version of an open source token logger called Volt Stealer. It is designed to steal Discord tokens from infected machines, along with the victim's IP address, and upload them via HTTP," said Kaspersky.
"The JavaScript malware we dubbed 'Lofy Stealer' was created to infect Discord client files in order to monitor the victim's actions. It detects when a user logs in, changes email or password, enables/disables multi-factor authentication (MFA) and adds new payment methods, including full bank card details. Collected information is also uploaded to the remote endpoint whose address is hard-coded."
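Because Lofy Stealer works by modifying the Discord client's own files, a baseline-and-verify integrity check over the client's install directory is one way a defender can spot that kind of tampering. The following is an added example, not Kaspersky's code or anything from the analysed packages; the directory layout, file names and contents are constructed for the demonstration, and a real deployment would point `hash_tree`/`verify` at the actual client directory and refresh the baseline after each legitimate client update.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_posix_path: sha256_hex} for every file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root, baseline):
    """Compare the current tree against a saved baseline and report any drift."""
    current = hash_tree(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed sample tree imitating a Discord client's modules folder."""
    with tempfile.TemporaryDirectory() as tmp:
        core = Path(tmp) / "modules" / "discord_desktop_core"
        core.mkdir(parents=True)
        (core / "index.js").write_text("module.exports = require('./core.asar');\n")
        (core / "core.asar").write_bytes(b"\x04\x00\x00\x00constructed-archive-bytes")
        baseline = hash_tree(tmp)  # take this right after a clean install or update

        # Simulate the kind of tampering described above: the loader file is
        # edited and a new file appears beside it. Contents are placeholders only.
        (core / "index.js").write_text(
            "module.exports = require('./core.asar');\nrequire('./extra.js');\n"
        )
        (core / "extra.js").write_text("// constructed placeholder file\n")
        return verify(tmp, baseline)


if __name__ == "__main__":
    print(demo())
```

Legitimate client updates also rewrite these files, so a flagged change needs to be checked against the updater's activity before being treated as an infection.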
The campaign is yet another example of a growing risk to the developer community and downstream users: developers unwittingly downloading malware as they use open source packages to accelerate time-to-market.
Garwood Pang, senior security researcher at Tigera, explained that stolen Discord tokens could be leveraged in follow-on spear-phishing attacks on victims' friends.
"Npm offers one of the most popular package managers for JavaScript. This allows developers access to a huge library of open source packages to improve their code. However, due to the ease of use and the volume of listings, an inexperienced developer can easily import malicious packages without their knowledge," he warned.
"With more than 11 million users using npm, the potential audience of a successful supply chain attack is significant compared to targeting a specific organization."
That has made npm an increasingly popular target. Earlier this month, security researchers discovered more than two dozen npm modules containing obfuscated JavaScript code designed to steal form data from the applications they were deployed to.
Some parts of this article are sourced from:
www.infosecurity-magazine.com