Cybercriminals are targeting online gaming platforms like Discord and Roblox, exploiting their large, active user bases for illicit financial gain. The attackers create and distribute malicious npm and PyPI packages, often resembling or piggybacking on familiar, trusted tools to trick users into executing these packages. Tactics used include infecting open source libraries for bots, plugins, and game cheats, and using social engineering to distribute malware. Often, these packages can deploy trojans, infostealers or other payload-laden tools often used to harvest credentials.
Chinese Hackers Hijack VPN’s Website to Spread Malware
Chinese hackers reportedly hijacked South Korean VPN provider IPany’s website to spread malware, according to antivirus company ESET. The malware was discovered in May 2024
