LofyGang Cybercrime Organization Employed 200 Malicious NPM Packages in Supply Chain Attacks


According to Checkmarx, a cybercriminal organization called LofyGang has disseminated about 200 harmful NPM packages, which have been downloaded thousands of times in the previous year.

LofyGang appears to be an organized crime group based out of Brazil that specializes in a variety of hacking activities, such as credit card data theft, Discord premium upgrades, and account hacking for games and streaming services.

The organization has been seen using a closed dictionary of names (slight variations of evil, devil, lofy, polar, panda, kakau, and vilo) to create sock-puppet accounts for command and control (C&C) purposes on Discord, GitHub, Glitch, Heroku, and Repl.it.
