LofyGang hackers built a credential-stealing enterprise on Discord, NPM (Security News, October 2022)

The 'LofyGang' threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such as NPM and GitHub.
LofyGang is motivated by financial profit, aiming to achieve high-volume account compromise and then resell access to those accounts on various private channels on the dark web, hacking forums, and Discord.
The group's Discord channel, created a year ago, offers guidance and support to operators of its hacking tools, holds promotional Discord Nitro giveaways, and more.
Some of the tools promoted by the gang on GitHub are a Discord spammer, a Nitro generator, a password stealer, a Discord token grabber, and a Discord webhook hiding module.
LofyGang's main Discord malware modifies the legitimate Discord app on the infected system, turning it into a malicious version that siphons credit card information every time the user pays for a subscription.
LofyGang uses over 50 accounts to upload NPM packages, fragmenting its malicious operation as much as possible to evade large-scale takedowns.