Newly-discovered threat group LofyGang has been conducting various hacking operations since beginning its operations more than a year ago, reports SiliconAngle. More than 200 malicious packages with thousands of installations this year alone have been associated with LofyGang, which has been working not only to target credit card information but also credentials for Disney+, Minecraft, and premium Discord accounts, a Checkmarx report revealed. Software supply chain attacks have also been traced back to LofyGang. The report also showed that LofyGang's hacking tools are being promoted on a page in GitHub. "The surge of recent open-source supply chain attacks teaches us that cyber attackers have realized that abusing the open-source ecosystem represents an easy way to increase the effectiveness of their attacks. Communities are being formed around utilizing open-source software for malicious purposes. We believe this is the start of a trend that will increase in the coming months," said researchers.