Malicious npm package caught trying to steal sensitive Discord and browser files Malicious code was hidden inside a JavaScript library August 28, 2020 https://www.zdnet.com/article/malic...to-steal-sensitive-discord-and-browser-files/
Four npm packages found uploading user details on a GitHub page Collected information included IP address, country, city, computer username, home directory path, and CPU model October 5, 2020 https://www.zdnet.com/article/four-npm-packages-found-uploading-user-details-on-a-github-page/
NPM nukes NodeJS malware opening Windows, Linux reverse shells October 16, 2020 https://www.bleepingcomputer.com/ne...malware-opening-windows-linux-reverse-shells/
Malicious NPM project steals Discord accounts, browser info November 9, 2020 https://www.bleepingcomputer.com/ne...project-steals-discord-accounts-browser-info/ Sonatype: Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
Discord-Stealing Malware Invades npm Packages The CursedGrabber malware has infiltrated the open-source software code repository January 22, 2021 https://threatpost.com/discord-stealing-malware-npm-packages/163265/ Sonatype: CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains
NPM package steals Chrome passwords on Windows via recovery tool July 21, 2021 https://www.bleepingcomputer.com/ne...hrome-passwords-on-windows-via-recovery-tool/ ReversingLabs: Groundhog day: NPM package caught stealing browser passwords
Popular 'coa' NPM library hijacked to steal user passwords November 4, 2021 https://www.bleepingcomputer.com/ne...npm-library-hijacked-to-steal-user-passwords/
Malicious npm packages steal Discord users’ payment card info July 28, 2022 ESET: LofyLife: malicious npm packages steal Discord tokens and bank card data
Hundreds of Malicious Packages Found in npm Registry Phil Muncaster UK / EMEA News Reporter, Infosecurity Magazine - January 19, 2023