Dwelling › Virus & Threats

LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Provide Chain Assaults

By Ionut Arghire on October 11, 2022

Tweet

A cybercrime group named LofyGang has distributed roughly 200 malicious NPM packages which were downloaded hundreds of occasions over the previous yr, in accordance with Checkmarx.

Seemingly working out of Brazil, LofyGang seems to be an organized crime group centered on a number of hacking actions, together with bank card knowledge theft and Discord premium upgrades, in addition to the hacking of video games and streaming service accounts.

LofyGang has been noticed abusing a number of public cloud providers for command and management (C&C) functions, together with Discord, GitHub, glitch, Heroku, and Repl.it, creating sock-puppet accounts utilizing a closed dictionary of names (slight permutations of evil, satan, lofy, polar, panda, kakau, and vilão).

Since October 2021, the group has been utilizing a Discord server for communication between directors and members, and to offer technical assist for its hacking instruments.

The group additionally operates the GitHub account PolarLofy – which presents instruments and bots for Discord, together with a spammer, a password stealer, a Nitro generator, and a chat wiper, amongst others – and operates a YouTube account that accommodates self-promotion content material.

Over the previous yr, LofyGang has printed roughly 200 malicious open supply packages, which both contained or linked to generic malicious payloads, password stealers, and Discord-specific malware.

The menace actor was seen counting on typosquatting and starjacking to create a false sense of legitimacy, referencing reputable GitHub repositories of their packages, and copying the descriptions of standard packages.

To keep away from detection, the group used clear first-level packages that had malicious packages amongst their dependencies and changed the malicious dependency with a brand new one when found and eliminated. The attackers used completely different NPM consumer accounts to publish these packages.

A number of the packages related to LofyGang would modify the put in Discord occasion to steal bank card knowledge that was despatched on to the attackers instantly when a cost was made.

LofyGang was additionally noticed promoting pretend Instagram followers to an underground hacking neighborhood, in addition to leaking on-line accounts, and selling their hacking instruments and bots.

In response to Checkmarx, the group additionally focused the customers of its hacking instruments with malicious packages, with some members of the underground neighborhood cautioning about potential infections.

“LofyGang’s hack instruments additionally rely on malicious packages, which infect their operators with persistent hidden malware utilizing the identical capabilities described,” Checkmarx notes.

The group additionally created a Discord bot “to deploy stolen bank cards on the operator’s account”, claiming that using the bot would enhance LofyGang’s Discord server.

“The surge of current open-source provide chain assaults teaches us that cyber attackers have realized that abusing the open-source ecosystem represents a simple technique to improve the effectiveness of their assaults. Communities are being shaped round using open-source software program for malicious functions. We consider that is the beginning of a development that can improve within the coming months,” Checkmarx concludes.

Associated: GitHub Improves npm Account Safety as Incidents Rise

Associated: Checkmarx Finds Menace Actor ‘Totally Automating’ NPM Provide Chain Assaults

Associated: 1,300 Malicious Packages Present in Standard npm JavaScript Package deal Supervisor

Get the Every day Briefing

• Most Latest
• Most Learn

• Microsoft Warns of New Zero-Day; No Repair But For Exploited Change Server Flaws
• Patch Tuesday: Important Flaws in ColdFusion, Adobe Commerce
• Siemens Not Ruling Out Future Assaults Exploiting International Non-public Keys for PLC Hacking
• Automotive Safety Threats Are Extra Important Than Ever
• Oort Raises $15 Million for Identification Menace Detection and Response Platform
• LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Provide Chain Assaults
• Intel Confirms UEFI Supply Code Leak as Safety Consultants Increase Considerations
• Toyota Discloses Information Breach Impacting Supply Code, Buyer E-mail Addresses
• Fortinet Confirms Zero-Day Vulnerability Exploited in One Assault
• UK Spy Chief to Warn of ‘Enormous’ China Tech Menace

Searching for Malware in All of the Incorrect Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Laptop Says About You

Be in a Place to Act By Cyber Situational Consciousness

Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice Yr To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

The best way to Establish Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Engaging

The best way to Defend Towards DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

http://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.