LofyGang distributes numerous credential-stealing tools

October 13, 2022
Tags: LofyGang, Hacker Group, Credential Stealing, Hacking Tools, Gaming, Discord, Backdoors, Malware

The notorious LofyGang hacking group has built a credential-stealing operation that distributes over 200 malicious packages and fake hacking tools. The packages are hosted on code-hosting platforms such as npm and GitHub.

The group has been active for about a year, aiming to steal credit card details, compromise streaming service accounts, hijack Discord Nitro user accounts, and target gamers.

Moreover, LofyGang promotes its hacking tools, such as a password stealer, a webhook hiding module, a Discord token grabber, and a Nitro generator, on hacking forums; most of these tools contain a hidden backdoor.

The threat actors also use several platforms, including Discord, Heroku, GitHub, Rep, and Glitch, as command-and-control servers. The fraudulent packages utilised by the actors include password stealers, in particular malware crafted for Discord users.


The LofyGang hackers have used numerous accounts to reduce the chance of being traced by researchers.


The LofyGang group publishes its malicious packages through several user accounts to hide the scale of its supply chain attack. This keeps the remaining malicious libraries on the repositories even when one package is detected and removed by defenders.

In addition, the group has been abusing a technique in which the top-level package is kept free of malware while the dependencies it pulls in later carry the malicious payloads.

Furthermore, the malicious tools disseminated by the group on GitHub rely on malicious packages that act as a vector to deploy persistent backdoors on the targeted systems.
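The layering described above, a clean top-level package whose transitive dependencies carry the payload, is exactly what a lock-file review should surface. The following is an added defensive example, not code from the article or from any project it mentions: it parses a constructed `package-lock.json` (lockfileVersion 3 layout, hoisted `node_modules/` paths assumed, package names invented) and flags packages that the root project never declared directly but that arrive transitively and declare an install script, since that hook is where a nested dependency can run code at install time.

```python
import json

# Constructed package-lock.json (lockfileVersion 3 layout) for a project that
# depends on one clean-looking top-level package; all names are invented.
SAMPLE_LOCK = json.dumps({
    "name": "example-bot", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"clean-top-level": "1.0.0"}},
        "node_modules/clean-top-level": {
            "version": "1.0.0", "dependencies": {"deep-helper": "0.3.1"}},
        "node_modules/deep-helper": {
            "version": "0.3.1", "hasInstallScript": True,
            "dependencies": {"left-pad-ish": "2.0.0"}},
        "node_modules/left-pad-ish": {"version": "2.0.0"},
    },
})


def flag_transitive_install_scripts(lock_text):
    """Return [(name, version, depth)] for packages that are not declared by the
    root project (depth > 1) but are pulled in transitively and declare an
    install script. Assumes a hoisted layout, i.e. every package sits directly
    under node_modules/<name>, which is the common case but not guaranteed."""
    lock = json.loads(lock_text)
    packages = lock.get("packages", {})
    direct = set(packages.get("", {}).get("dependencies", {}))
    # Breadth-first walk from the root records the depth at which each
    # package is first reached; direct dependencies are depth 1.
    depth, queue = {}, [(name, 1) for name in direct]
    while queue:
        name, d = queue.pop(0)
        if name in depth:
            continue
        depth[name] = d
        meta = packages.get("node_modules/" + name, {})
        queue.extend((child, d + 1) for child in meta.get("dependencies", {}))
    findings = []
    for name, d in depth.items():
        meta = packages.get("node_modules/" + name, {})
        if d > 1 and meta.get("hasInstallScript"):
            findings.append((name, meta.get("version"), d))
    return sorted(findings)


if __name__ == "__main__":
    for name, version, d in flag_transitive_install_scripts(SAMPLE_LOCK):
        print(f"review: {name}@{version} (depth {d}) declares an install script")
```

A flagged package is a candidate for manual review of its install hook, not proof of compromise; many legitimate native modules also declare install scripts.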

To date, several research teams have independently identified separate activities belonging to this campaign. Other researchers have been tracking a threat actor called LofyLife, which was seen using compromised npm packages to target Discord users.

Some cybersecurity experts, however, maintain that a single group, LofyGang, is behind all of these activities.

The rise in compromised open-source packages has encouraged cybercriminals to scale up their attacks, and the latest findings show that these threat actors are increasingly targeting the open-source ecosystem. Developers should therefore vet the packages they pull from npm and GitHub with care.
