1 min read

Fake Discord npm Package Is a Malware that Steals Browser Data

Silviu STAHIE

November 10, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Fake Discord npm Package Is a Malware that Steals Browser Data

Security researchers have identified a malicious npm package that an attacker designed to steal web browser files and Discord gaming instant messages. This is not the first attempt of its kind, and it looks like the project has been online for quite some time.

Npm packages are usually JavaScript libraries, and developers regularly use them in various projects. While these libraries are generally loaded directly in browsers, it”s possible to integrate them into apps as well. The widespread use of such libraries makes the npm packages a common target, so attackers constantly try to compromise them.

Usually, the attackers use common names for the files, to confuse potential users. In the recent campaign, the names followed a similar pattern:

discord.dll

discord.app

wsbd.js

ac-addon

“The discord.dll is an npm component which conducts sinister activities that are hard to spot upfront,” say the researchers from Sonatype. “It also uses the legitimate Discord.js npm dependency to potentially distract researchers from its otherwise nefarious activities.”

The attacker”s goal is to exfiltrate Discord and web browser”s “leveldb” files. Furthermore, the package contains mentions of collecting other types of data, such as the IP address or PC username. The project also includes a Webhook.js file that allows the attacker to send the stolen information to a Discord channel.

Upon further inspection, the researchers found that the same attacker had a similar campaign a while ago, albeit using more complex tools.

The team found the package on November 9 and disclosed the situations on the same day. Researchers defended this position, saying that since the package was already live, with a few hundred downloads, users had to be informed as soon as possible.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Common Credentials Criminals Use in IoT Dictionary Attacks Revealed Common Credentials Criminals Use in IoT Dictionary Attacks Revealed
Silviu STAHIE

November 30, 2021

3 min read
Interpol Busts 1,000 Cyber Crooks and Recovers $27M in Massive Fraud Crackdown Interpol Busts 1,000 Cyber Crooks and Recovers $27M in Massive Fraud Crackdown
Filip TRUȚĂ

November 29, 2021

2 min read
Social media firms will be forced to unmask online trolls, says Australia Social media firms will be forced to unmask online trolls, says Australia
Graham CLULEY

November 29, 2021

2 min read