1 min read

Fake Discord npm Package Is a Malware that Steals Browser Data

Silviu STAHIE

November 10, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Fake Discord npm Package Is a Malware that Steals Browser Data

Security researchers have identified a malicious npm package that an attacker designed to steal web browser files and Discord gaming instant messages. This is not the first attempt of its kind, and it looks like the project has been online for quite some time.

Npm packages are usually JavaScript libraries, and developers regularly use them in various projects. While these libraries are generally loaded directly in browsers, it”s possible to integrate them into apps as well. The widespread use of such libraries makes the npm packages a common target, so attackers constantly try to compromise them.

Usually, the attackers use common names for the files, to confuse potential users. In the recent campaign, the names followed a similar pattern:

discord.dll

discord.app

wsbd.js

ac-addon

“The discord.dll is an npm component which conducts sinister activities that are hard to spot upfront,” say the researchers from Sonatype. “It also uses the legitimate Discord.js npm dependency to potentially distract researchers from its otherwise nefarious activities.”

The attacker”s goal is to exfiltrate Discord and web browser”s “leveldb” files. Furthermore, the package contains mentions of collecting other types of data, such as the IP address or PC username. The project also includes a Webhook.js file that allows the attacker to send the stolen information to a Discord channel.

Upon further inspection, the researchers found that the same attacker had a similar campaign a while ago, albeit using more complex tools.

The team found the package on November 9 and disclosed the situations on the same day. Researchers defended this position, saying that since the package was already live, with a few hundred downloads, users had to be informed as soon as possible.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read