Malicious npm package caught trying to steal sensitive files

Discussion in 'other security issues & news' started by mood, Aug 28, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,056
    Malicious npm package caught trying to steal sensitive Discord and browser files
    Malicious code was hidden inside a JavaScript library
    August 28, 2020

    https://www.zdnet.com/article/malic...to-steal-sensitive-discord-and-browser-files/
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,056
    Four npm packages found uploading user details on a GitHub page
    Collected information included IP address, country, city, computer username, home directory path, and CPU model
    October 5, 2020

    https://www.zdnet.com/article/four-npm-packages-found-uploading-user-details-on-a-github-page/
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,056
    NPM nukes NodeJS malware opening Windows, Linux reverse shells
    October 16, 2020
    https://www.bleepingcomputer.com/ne...malware-opening-windows-linux-reverse-shells/
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,056
    Malicious NPM project steals Discord accounts, browser info
    November 9, 2020
    https://www.bleepingcomputer.com/ne...project-steals-discord-accounts-browser-info/
    Sonatype: Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,056
    Discord-Stealing Malware Invades npm Packages
    The CursedGrabber malware has infiltrated the open-source software code repository
    January 22, 2021

    https://threatpost.com/discord-stealing-malware-npm-packages/163265/
    Sonatype: CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.