Security News > 2022 > July > Malicious npm packages steal Discord users’ payment card info
Multiple npm packages are being used in an ongoing malicious campaign dubbed LofyLife to infect Discord users with malware that steals their payment card information.
"All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign 'LofyLife'."
It works by monitoring the victims' actions, such as Discord logins, attempts to change the credentials, multi-factor authentication toggles, or the addition of new payment methods to steal Discord accounts and complete payment information.
Kaspersky added that they're still monitoring updates to npm repositories to ensure that all new malicious packages pushing this info stealer are detected and removed.
This is a recurring theme among malicious npm packages, and it's just one of a seemingly endless stream of malware specifically tailored to target Discord users in recent years with information stealers.
Malicious npm and PyPI libraries were also used to target Discord users, steal their user tokens and browser information, and install MBRLocker data wiping malware calling itself Monster Ransomware.