Malicious npm packages steal the payment card information of Discord users

In an ongoing malicious campaign dubbed LofyLife, multiple malicious packages are being used to infect Discord users with malware that steals their payment card information.

After installing the malicious modules small-sm, pern-valids, lifeculer, or proc-title, the malware is automatically deployed.

It collects Discord tokens as well as system information, including the IP addresses of the victims.

The LofyLife malware was installed after malicious packages were installed in the Node Package Manager (npm) repository.

It collects Discord tokens and system information, including the victims’ IP addresses, once installed.

It’s just one of a seemingly endless stream of malware designed to steal information from Discord users.