Home Security LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit score Card Knowledge

LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit score Card Knowledge

by crpt os


Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang.

Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with Discord Nitro, gaming, and streaming services.

“LofyGang operators are seen promoting their hacking tools in hacking forums, while some of the tools are shipped with a hidden backdoor,” the software security company said in a report shared with The Hacker News prior to its publication.

CyberSecurity

Various pieces of the attack puzzle have already been reported by JFrog, Sonatype, and Kaspersky (which called it LofyLife), but the latest analysis pulls the various operations together under one organizational umbrella that Checkmarx is referring to as LofyGang.

LofyGang NPM Malware

Believed to be an organized crime group of Brazilian origin, the attackers have a track record of using sock puppet accounts to advertise their tools and services on GitHub, YouTube, and leaking thousands of Disney+ and Minecraft accounts on underground hacking forums.

It’s also known to employ a Discord server created nearly a year ago on October 31, 2021, to provide technical support and communicate with their members. One of its main offerings is a service that sells fake Instagram followers.

“Discord, Repl.it, glitch, GitHub, and Heroku are just a few services LofyGang is using as [command-and-control] servers for their operation,” the researchers noted.

What’s more, the fraudulent packages traced back to the group have been found to embed password stealers and Discord-specific malware, some of which are designed to steal credit cards.

To conceal the scale of the supply chain attack, the packages are intentionally published through different user accounts so that other weaponized libraries remain unaffected on the repositories even if one of them is spotted and removed by the maintainers.

CyberSecurity

Furthermore, the adversary has been found using a sneaky technique wherein the top-level package is kept free of malware but have it depend on another package that introduces the malicious capabilities.

That’s not all. Even the hacking tools shared by LofyGang on GitHub depend on malicious packages, effectively acting as a conduit to deploy persistent backdoors on the operator’s machines.

The findings are yet another indication that threat actors are increasingly setting their sights on the open source ecosystem as a stepping point to widen the scope and effectiveness of the attacks.

“Communities are being formed around utilizing open-source software for malicious purposes,” the researchers concluded. “We believe this is the start of a trend that will increase in the coming months.”





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex