Bleeping Computer

LofyGang hackers built a credential-stealing enterprise on Discord, NPM

The 'LofyGang' threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such as NPM and GitHub. Researchers ...
Threat Post

Malicious Npm Packages Tapped Again to Target Discord Users

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods. Threat actors once again are using the node ...
Bleeping Computer

PyPI packages caught stealing credit card numbers, Discord tokens

The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to ...
Infosecurity-magazine.com

Malicious Npm Packages Designed to Steal Discord Tokens

Security researchers have discovered yet another supply chain attack campaign using malicious npm packages, this time targeting Discord users. Kaspersky said it identified four suspicious packages in ...
TWCN Tech News

What is Update.exe from GitHub? Is it related to Discord?

The Update.exe file belongs to a messaging service app called Discord, whose programming error caused the issue. In some cases, Discord was even listed in the Windows ...
Threat Post

Attackers Blowing Up Discord, Slack with Malware

One Discord network search turned up 20,000 virus results, researchers found. Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their ...
ZDNet

Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google

Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package Analysis Project is one of the software supply ...