Security News > 2022 > October > LofyGang hackers built a credential-stealing enterprise on Discord, NPM
The 'LofyGang' threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such as NPM and GitHub.
LofyGang is motivated by financial profit, aiming to achieve high-volume account compromise and then resell access to those accounts on various private channels on the dark web, hacking forums, and Discord.
The Discord channel was created a year ago, offering guidance and support to the group's hacking tool operators, holding promotional Discord Nitro giveaways, and more.
Some of the tools promoted by the gang on GitHub are a Discord spammer, a Nitro generator, a password stealer, a Discord token grabber, and a Discord webhook hiding module.
LofyGang's main Discord malware modifies the legitimate version of the Discord app on the infected system with a malicious version that siphons credit card information every time the user pays for a subscription.
LofyGang uses over 50 accounts to upload NPM packages, fragmenting their malicious operation as much as possible to evade large-scale takedowns.