LofyLife: Campaign distributes infected open source code packages
Two days ago, on July 26, Kaspersky experts discovered a new malicious campaign called 'LofyLife' using the internal automated system monitoring open source repositories. The public collection of open source code packages is thus compromised. The campaign uses four malicious packages that proliferate 'Volt Stealer' and 'Lofy Stealer' malware in the open-source npm repository. They collect various information from their victims, including Discord tokens and credit card information, and spy on them over time. Infected Open Source Code Packages The npm repository is a public collection of open source code packages widely used in front-end web apps, mobile apps, robots and routers and…