New LofyLife Malware Targets Discord Users

Jamie Kavanagh
August 5th, 2022

Discord users are being targeted once again by malware. This time the malware can steal Discord tokens and personal data.

The malware is distributed through the npm repository, which software developers across the world use to pull in packages when building apps.

Kaspersky found malicious Python and JavaScript code within npm that contained Volt Stealer and Lofy Stealer malware.

The malware is apparently designed to steal Discord tokens, user session data, passwords and more.

It can also apparently disable two-factor authentication and add payment details to accounts without you knowing about it.

According to Kaspersky:

“The campaign employed four malicious packages spreading Volt Stealer and Lofy Stealer malware in the npm repository to gather various information from victims, including Discord tokens and linked credit card information, and to spy on them over time.”

Discord malware

Volt Stealer is reported to steal Discord tokens along with the victim’s IP address and to upload them via HTTP.

The Lofy Stealer malware can infect Discord client files and monitor the victim’s actions.

Those actions can include user logins, changes to user account details and any changes to two-factor authentication. The malware also has the ability to add new payment methods using any payment details discovered on the infected device.

All collected data is also uploaded to the bad actor’s server for future use.

NPM and infections

The open source npm repositories are central to how software is now developed.

Tens of millions of people use npm and the code deposited there is downloaded billions of times a year. It’s used in all kinds of software too.

Typically, a developer would check the files downloaded from npm and perform due diligence to ensure they’re safe.

Outfits like Kaspersky remotely monitor npm repositories but it’s also up to individual developers who download from them to check all files are legit.
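
One way to start the file check described above, as an added example that is not from the original article or from Kaspersky: a Node.js script that walks a `node_modules` directory and lists packages that declare install-time lifecycle scripts or ship Python files, so a developer knows which ones to read by hand. The choice of these two signals is an assumption made here, and the package names in the sample tree are constructed.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
// npm lifecycle hooks that run automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Recursively list files under dir, skipping nested node_modules.
function listFiles(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const full = path.join(dir, e.name);
    if (e.isDirectory()) return e.name === 'node_modules' ? [] : listFiles(full);
    return [full];
  });
}

// Findings for one installed package: install hooks and shipped Python files.
function reviewPackage(pkgDir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
  const scripts = manifest.scripts || {};
  return {
    name: manifest.name,
    installHooks: INSTALL_HOOKS.filter((h) => typeof scripts[h] === 'string'),
    pythonFiles: listFiles(pkgDir).filter((f) => f.endsWith('.py')).map((f) => path.relative(pkgDir, f)),
  };
}

// Review each package in node_modules (including @scope/name); keep only flagged ones.
function reviewTree(nodeModules) {
  const dirs = fs.readdirSync(nodeModules).flatMap((name) => {
    const full = path.join(nodeModules, name);
    return name.startsWith('@') ? fs.readdirSync(full).map((n) => path.join(full, n)) : [full];
  });
  return dirs.filter((d) => fs.existsSync(path.join(d, 'package.json')))
    .map(reviewPackage)
    .filter((r) => r.installHooks.length > 0 || r.pythonFiles.length > 0);
}

// Constructed sample tree (hypothetical package names) so the example runs offline.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'npm-review-'));
  const write = (rel, body) => {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), body);
  };
  write('plain-lib/package.json', JSON.stringify({ name: 'plain-lib' }));
  write('@demo/odd-lib/package.json', JSON.stringify({ name: '@demo/odd-lib', scripts: { postinstall: 'node setup.js' } }));
  write('@demo/odd-lib/lib/helper.py', 'print("constructed sample")');
  return root;
}
console.log(JSON.stringify(reviewTree(buildSampleTree()), null, 2));
```

A flagged package is not necessarily malicious; the list only narrows down which packages to inspect first. To review a real project, call `reviewTree` with the path to its `node_modules` directory.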

It’s also up to all of us to keep our devices secure and perform regular malware and antivirus scans.

It’s almost impossible to prevent malware hitting repositories, but a combination of developer awareness, third-party monitoring by companies like Kaspersky and vigilance on our part can all help.

In the meantime, if you use Discord, perhaps it’s time to perform a more detailed malware scan than usual!