Wednesday, January 20, 13:55

Malicious npm tries to extract data from Discord

The npm security team has removed from the npm portal a malicious JavaScript library designed to steal sensitive files from users' browsers and the Discord application.

The malicious package was a JavaScript library called "fallguys" that claimed to provide an interface to the "Fall Guys: Ultimate Knockout" API.


However, once developers had downloaded the library and integrated it into their projects, running their code also executed the malicious package.

According to the npm security team, this code tried to access five local files, read their content and then post the data to a Discord channel (via a Discord webhook).

The five files that the malicious package tried to read are the following:

  • /AppData/Local/Google/Chrome/User\x20Data/Default/Local\x20Storage/leveldb
  • /AppData/Roaming/Opera\x20Software/Opera\x20Stable/Local\x20Storage/leveldb
  • /AppData/Local/Yandex/YandexBrowser/User\x20Data/Default/Local\x20Storage/leveldb
  • /AppData/Local/BraveSoftware/Brave-Browser/User\x20Data/Default/Local\x20Storage/leveldb
  • /AppData/Roaming/discord/Local\x20Storage/leveldb

The first four files are LevelDB databases belonging to the Chrome, Opera, Yandex Browser and Brave browsers. These files usually store information about a user's browsing history.

The last file is a similar LevelDB database, but for the Discord Windows client, which similarly stores information on the channels a user has joined.

It is worth noting that the malicious package did not steal other sensitive data from the computers of the targeted developers, such as session cookies or the browser database in which credentials are stored.

The malicious package appears to have been performing some sort of reconnaissance: collecting data on victims and trying to determine which websites the developers had access to, before delivering more targeted code via an update.

The npm security team advises developers to remove the malicious package from their projects.

The malicious package was available on the site for two weeks, during which it was downloaded almost 300 times.
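
The behaviour described above (reading the listed Local Storage paths and posting to a Discord webhook) can be searched for in installed dependencies. The following Node.js check is an added example, not code from the npm security team or from the package itself; the function names, verdict labels and sample snippet are constructed for illustration.

```javascript
const fs = require('fs');
const path = require('path');

// Paths from the article's list, written with the \x20 escapes already decoded.
const STORAGE_PATHS = [
  '/AppData/Local/Google/Chrome/User Data/Default/Local Storage/leveldb',
  '/AppData/Roaming/Opera Software/Opera Stable/Local Storage/leveldb',
  '/AppData/Local/Yandex/YandexBrowser/User Data/Default/Local Storage/leveldb',
  '/AppData/Local/BraveSoftware/Brave-Browser/User Data/Default/Local Storage/leveldb',
  '/AppData/Roaming/discord/Local Storage/leveldb',
];
const WEBHOOK_RE = /discord(?:app)?\.com\/api\/webhooks\//i;

// Decode \xNN escapes and collapse slash/backslash runs so escaped literals still match.
function normalize(src) {
  return src
    .replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/[\\/]+/g, '/')
    .toLowerCase();
}

// Classify one source text: which listed paths it references and whether it names a webhook.
function scanSource(src) {
  const text = normalize(src);
  const paths = STORAGE_PATHS.filter((p) => text.includes(p.toLowerCase()));
  const webhook = WEBHOOK_RE.test(text);
  const verdict = paths.length && webhook ? 'exfiltration-pattern'
    : paths.length ? 'reads-local-storage'
    : webhook ? 'uses-webhook' : 'clean';
  return { paths, webhook, verdict };
}

// Walk a directory (for example node_modules) and report every non-clean JavaScript file.
function scanTree(dir, hits = []) {
  for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
    const p = path.join(dir, e.name);
    if (e.isDirectory()) scanTree(p, hits);
    else if (/\.[cm]?js$/.test(e.name)) {
      const r = scanSource(fs.readFileSync(p, 'utf8'));
      if (r.verdict !== 'clean') hits.push({ file: p, ...r });
    }
  }
  return hits;
}

// Constructed sample input (not the real package's source); the webhook is a placeholder.
const SAMPLE = String.raw`
const db = process.env.USERPROFILE + '/AppData/Roaming/discord/Local\x20Storage/leveldb';
const hook = 'https://discord.com/api/webhooks/000000000000000000/CONSTRUCTED_PLACEHOLDER';`;
```

Calling `scanTree('node_modules')` from a project root returns the files worth a manual look; a hit on paths alone or a webhook alone is weaker evidence than the two together.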

Teo Ehc