Lofy Stealer Grabs Credit Card Data

Security researchers identified a new malicious campaign pushing infostealer malware dubbed Lofy. The campaign itself is called LofyLife and was first reported by a team at Securelist.

According to that team, the infostealing malware was written and compiled using Python and is based on a previous open-sourced version of an infostealer named Volt Stealer. The primary goal of the infostealer is to infect and tamper with the files of the Discord messaging and voice chat application.

Compromised installs of Discord allow the bad actors behind Lofy to detect login activity as well as a range of actions the user may take, including nabbing the complete details of new payment methods added to the account in the form of credit cards.

The malware has a list of associated addresses that are used to exfiltrate data from the victim system. The list includes the following domain names:

life.polarlabs.repl dot co

Sock.polarlabs.repl dot co

idk.polarlabs.repl dot co
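For defenders, the three domains above can be matched against DNS or proxy logs. The sketch below is an added example, not code from the article or from Securelist: it refangs the indicators as listed, normalizes case and trailing dots, and matches on label boundaries so subdomains hit but look-alike names do not. The log format, IP addresses and timestamps are constructed assumptions.

```python
import re

# Indicators exactly as the article lists them (defanged with " dot ").
DEFANGED_IOCS = [
    "life.polarlabs.repl dot co",
    "Sock.polarlabs.repl dot co",
    "idk.polarlabs.repl dot co",
]

def refang(indicator):
    """Turn 'host dot tld' or 'host[.]tld' into a lowercase name without a trailing dot."""
    s = re.sub(r"\s+dot\s+|\[\.\]|\(\.\)", ".", indicator.strip(), flags=re.I)
    return s.lower().rstrip(".")

IOCS = frozenset(refang(i) for i in DEFANGED_IOCS)

def matches_ioc(qname):
    """True if qname equals an indicator or is a subdomain of one (label-aligned)."""
    labels = refang(qname).split(".")
    return any(".".join(labels[i:]) in IOCS for i in range(len(labels)))

def scan(log_lines):
    """Return (timestamp, client, qname) for each line that queries an indicator.

    Assumed log format (constructed for this example): 'timestamp client qname'.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing at fields
        ts, client, qname = parts
        if matches_ioc(qname):
            hits.append((ts, client, qname))
    return hits

# Constructed sample resolver log; clients and timestamps are made up.
SAMPLE_LOG = [
    "2022-08-01T10:00:01Z 10.0.0.5 discord.com",
    "2022-08-01T10:00:02Z 10.0.0.5 IDK.polarlabs.repl.co.",
    "2022-08-01T10:00:03Z 10.0.0.7 notidk.polarlabs.repl.co",
    "2022-08-01T10:00:04Z 10.0.0.9 cdn.sock.polarlabs.repl.co",
    "truncated line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```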

Infostealers of this kind can cause significant loss of privacy and bring all the nasty potential outcomes associated with it down the road, from fraud to impersonation and financial loss.

August 1, 2022