17 NPM packages found infected with malware
Malware infection reports are on the rise, but it’s not all doom and gloom. As such a wide range of software is now vulnerable to attacks, some have arrived at the conclusion that developers should just stop using NPM packages altogether.
The “npm malicious packages” is a problem that has been present for a while. A recent study found 17 NPM packages to be infected with malware.
In the open-source NPM repository, seventeen malware packages were discovered. The majority of these programs steal passwords or Discord tokens, with some even taking credit card information linked to stolen Discord accounts. Botnets may utilize compromised Discord servers as a command and control channel, or as a proxy for obtaining data from hacked servers.
JFrog researchers Andrey Polkovnychenko and Shachar Menashe identified the packages in a study released on Wednesday. The malicious packages were quickly deleted after being notified to NPM code maintainers. The packages had not accumulated up a substantial number of downloads previous to exposure, according to NPM logs.
Python’s PyPi repository was compromised with crypto mining malware in June of this year. The NPM libraries UAParser.js and Pac-Resolver were also compromised and downloaded millions of times by unwitting developers.
In the News: A Cybercourt for Cybercriminals has been established on the Dark Web.
In recent years, NPM infection attacks have become more common. It’s ripe for an assault. Millions of developers trust the NPM package library, making it simple for threat actors to sneak corrupted packages that transmit malicious payloads through a trusted service.
Information stealers to complete remote access backdoors are among the payloads. Different infection techniques are also used by the packages, including typosquatting, dependency confusion, and trojan functionality.
Here’s a list of all the NPM packages that are impacted.
|Package||Version||Payload||Method of Infection|
|prerequests-xcode||1.0.4||Trojan Horse for Remote Access||Unknown|
|discord-selfbot-v14||12.0.3||Grabber of Discord tokens||Trojan Horse/Typosquatting (discord.js)|
|discord-lofy||11.5.1||Grabber of Discord tokens||Trojan Horse/Typosquatting (discord.js)|
|discordsystem||11.5.1||Grabber of Discord tokens||Trojan Horse/Typosquatting (discord.js)|
|discord-vilao||1.0.0||Grabber of Discord tokens||Trojan Horse/Typosquatting (discord.js)|
|fix-error||1.0.0||PirateStealer is a fictional character (Discord malware)||Trojan|
|wafer-bind||1.1.2||Stealer of environmental variables||Wafer-* typosquatting|
|wafer-toggle||1.15.4||Stealer of environmental variables||Wafer-* typosquatting|
|wafer-autocomplete||1.25.0||Stealer of environmental variables||Wafer-* typosquatting|
|wafer-beacon||1.3.3||Stealer of environmental variables||Wafer-* typosquatting|
|wafer-caas||1.14.20||Stealer of environmental variables||Wafer-* typosquatting|
|wafer-geolocation||1.2.10||Stealer of environmental variables||Wafer-* typosquatting|
|wafer-image||1.2.2||Stealer of environmental variables||Wafer-* typosquatting|
|wafer-form||1.30.1||Stealer of environmental variables||Wafer-* typosquatting|
|wafer-lightbox||1.5.4||Stealer of environmental variables||Wafer-* typosquatting|
|octavius-public||1.836.609||Stealer of environmental variables||Wafer-* typosquatting|
|mrg-message-broker||9998.987.376||Stealer of environmental variables||Dependency ambiguity|
Malware that steals Discord tokens is also on the increase, and for a variety of reasons. Discord servers, for example, may be used to operate a remote access trojan or even an entire botnet from an anonymous command and control server. Using webhooks, Discord may potentially be used as an anonymous data exfiltration conduit.
Hacked Discord accounts may also be used to propagate malware to the account owner’s friends, which is a somewhat successful technique of swiftly infecting a large number of PCs.
Finally, Discord offers a premium service known as ‘Nitro.’ The service costs about $100 per year and gives the customer aesthetic enhancements as well as the opportunity to ‘boost’ their preferred servers. Premium accounts are often hacked and sold for a fraction of the membership amount.
On Facebook, Meta announces a month-long “Stars Fest.”
When he’s not writing/editing/shooting/hosting all things tech, he streams himself racing virtual vehicles. Yadullah may be reached at [email protected], or you can follow him on Instagram or Twitter.
Watch This Video-
The “cyber attack discord may 27, 2021” is a problem that has been present for a while. 17 NPM packages were found to be infected with malware.
- bitcoin stealing malware
- discord steal
- discord malware
- what is npm
- discord vulnerabilities 2021