Discord users are being targeted once again by malware. This time the malware can steal Discord tokens and personal data.
The malware is spread through the npm repository, a package registry that software developers across the world use to help build apps.
The malware is apparently designed to steal Discord tokens, user session data, passwords and more.
It can also apparently disable two-factor authentication and add payment details to accounts without you knowing about it.
According to Kaspersky:
“The campaign employed four malicious packages spreading Volt Stealer and Lofy Stealer malware in the npm repository to gather various information from victims, including Discord tokens and linked credit card information, and to spy on them over time.”
Volt Stealer is said to steal Discord tokens along with the victim’s IP address and upload them via HTTP.
The Lofy Stealer malware can infect Discord client files and monitor the victim’s actions.
Those actions can include user logins, changes to user account details, any changes to two-factor authentication and the ability to add new payment methods using any discovered payment details on the infected device.
All collected data is also uploaded to the bad actor’s server for future use.
The open source npm repositories are central to how software is now developed.
Tens of millions of people use npm and the code deposited there is downloaded billions of times a year. It’s used in all kinds of software too.
Typically, a developer would check the files downloaded from npm and perform due diligence to ensure they’re safe.
Outfits like Kaspersky remotely monitor npm repositories, but it’s also up to the individual developers who download from them to check that all files are legit.
It’s also up to all of us to keep our devices secure and perform regular malware and antivirus scans.
It’s almost impossible to prevent malware hitting repositories, but a combination of developer awareness, third-party monitoring by companies like Kaspersky and vigilance on our part can all help.
In the meantime, if you use Discord, perhaps it’s time to perform a more detailed malware scan than usual!