Discord users are having their payment card information stolen in the ongoing LofyLife malware campaign, which distributes the Volt Stealer token logger and the Lofy Stealer malware, reports BleepingComputer.
Four malicious Node Package Manager modules, small-sm, pern-valids, lifeculer, and proc-title, enable automatic deployment of the malware. Volt Stealer gathers Discord tokens, victims' IP addresses, and other system data, and Lofy Stealer then tracks Discord logins, credential modification attempts, and other user actions, according to a report from Kaspersky.
Researchers also found that the harvested data is uploaded to attacker-controlled servers whose addresses are hard-coded in the malware. Researchers are monitoring NPM repository updates to identify and remove the malicious packages. Malicious NPM packages have been used to target Discord users before, with a 2019 campaign involving the use of the Spidey Bot malware to backdoor and compromise the Windows Discord client with an information-stealing trojan.
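
To check whether a project resolves any of the four packages named in this report, including as a transitive or aliased dependency, the lockfile can be scanned. This is an added example, not code from Kaspersky or BleepingComputer; the function name `findFlaggedPackages` and both sample lockfiles are constructed for illustration.

```javascript
// Package names this report lists as LofyLife carriers.
const FLAGGED = new Set(["small-sm", "pern-valids", "lifeculer", "proc-title"]);

// Return [{ name, version, path }] for each flagged package in a package-lock.json.
// lockfileVersion 2/3: flat "packages" map keyed by install path.
// lockfileVersion 1: nested "dependencies" tree.
function findFlaggedPackages(lockText) {
  const lock = JSON.parse(lockText);
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // An aliased install records the real package name in "name"; otherwise
      // take the last segment: "node_modules/a/node_modules/b" -> "b".
      const name = meta.name || path.split("node_modules/").pop();
      if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path });
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (FLAGGED.has(name)) {
        hits.push({ name, version: meta.version, path: here.join(" > ") });
      }
      walk(meta.dependencies, here); // transitive copies nest here in v1
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (package layout and versions are made up).
const SAMPLE_V3 = JSON.stringify({
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-lib": { version: "2.0.0" },
    "node_modules/example-lib/node_modules/proc-title": { version: "0.0.1" },
    "node_modules/title-alias": { name: "pern-valids", version: "0.0.2" },
  },
});
const SAMPLE_V1 = JSON.stringify({
  name: "demo-app", lockfileVersion: 1,
  dependencies: {
    "example-lib": { version: "2.0.0", dependencies: { "small-sm": { version: "0.0.1" } } },
  },
});

for (const h of findFlaggedPackages(SAMPLE_V3).concat(findFlaggedPackages(SAMPLE_V1))) {
  console.log(`FLAGGED ${h.name}@${h.version} at ${h.path}`);
}
```

Pass the function the text of a project's own `package-lock.json`; an empty result means none of the four names appear anywhere in the resolved tree.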