Fake Discord npm Package Is a Malware that Steals Browser Data
Security researchers have identified a malicious npm package that an attacker designed to steal web browser files and Discord gaming instant messages. This is not the first attempt of its kind, and it looks like the project has been online for quite some time.
Usually, the attackers use common names for the files, to confuse potential users. In the recent campaign, the names followed a similar pattern:
“The discord.dll is an npm component which conducts sinister activities that are hard to spot upfront,” say the researchers from Sonatype. “It also uses the legitimate Discord.js npm dependency to potentially distract researchers from its otherwise nefarious activities.”
The attacker”s goal is to exfiltrate Discord and web browser”s “leveldb” files. Furthermore, the package contains mentions of collecting other types of data, such as the IP address or PC username. The project also includes a Webhook.js file that allows the attacker to send the stolen information to a Discord channel.
Upon further inspection, the researchers found that the same attacker had a similar campaign a while ago, albeit using more complex tools.
The team found the package on November 9 and disclosed the situations on the same day. Researchers defended this position, saying that since the package was already live, with a few hundred downloads, users had to be informed as soon as possible.
What is medical identity theft and how to protect against it
July 27, 2022
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022