Threat Post

Malicious Npm Packages Tapped Again to Target Discord Users

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods. Threat actors once again are using the node ...
Bleeping Computer

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...
ZDNet

Malicious npm packages are stealing Discord tokens

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Read now DevOps security firm JFrog discovered 17 ...
Bleeping Computer

Malicious npm packages steal Discord users’ payment card info

Multiple npm packages are being used in an ongoing malicious campaign to infect Discord users with malware that steals their payment card information. The malware used in these attacks is a variant of ...