Wednesday, January 20, 13:55
Home security Malicious npm tries to extract data from Discord
security

Malicious npm tries to extract data from Discord

Teo Ehc
By Teo Ehc

The npm security team has removed a malicious JavaScript library from the npm portal designed to steal sensitive files from the user browser and Discord application.

The malicious npm was a JavaScript library called "fallguys" that claimed to provide an interface to the "Fall Guys: Ultimate Knockout" API.

Discord

However, after the developers downloaded the library and integrated it into their projects, when the developer executed its code, it also executed the malicious npm.

According to the npm security team, this code was trying to access five local files, read the content and then publish the data within a Discord channel (as a Discord webhook).

The five files that the malicious npm was trying to read are the following:

  • / AppData / Local / Google / Chrome / User \ x20Data / Default / Local \ x20Storage / leveldb
  • / AppData / Roaming / Opera \ x20Software / Opera \ x20Stable / Local \ x20Storage / leveldb
  • / AppData / Local / Yandex / YandexBrowser / User \ x20Data / Default / Local \ x20Storage / leveldb
  • / AppData / Local / BraveSoftware / Brave-Browser / User \ x20Data / Default / Local \ x20Storage / leveldb
  • / AppData / Roaming / discord / Local \ x20Storage / leveldb

The first four files are LevelDB databases specifically for browsers such as Chrome, Opera, Yandex Browser and Brave. These files usually store specific information about browsing history of a user.

The last file is a similar LevelDB database, but for the Discord Windows client, which similarly stores information on the channels to which one is subscribed. user.

It is worth noting that the malicious npm did not steal other sensitive data from the computers of the targeted developers, such as session cookies or the database of the browser in which the credentials.

Malicious npm appears to perform some sort of identification, collect data on victims, and try to estimate who websites developers had access, before delivering more targeted code via an update.

Npm security team advises developers to remove malicious npm from project their.

The malicious npm has been available on the site for two weeks, during which it has been downloaded almost 300 times.

Previous articleCenturyLink: Technical problem led to a 3,5% drop in web traffic!
Next articleFBI: Losses over $ 475 million from…. "Romantic scams"

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

RELATED ARTICLES

security

Interpol: Scammers approach their victims in dating applications!

Teo Ehc -
Interpol issued a statement warning the world that many scammers are targeting users of dating applications and trying to deceive them to ...
Read more
security

Malwarebytes: SolarWinds hacked by cyber attackers!

Pohackontas -
Malwarebytes said it had been hacked by the same hacking team that allegedly "hit" software company SolarWinds. However, he clarified that ...
Read more
security

Bugs in Messenger, Signal, Google Duo allowed spying

Digital Fortress -
Security researcher found bugs in popular, mobile video conferencing and chat applications that allowed potential attackers to hear sounds and receive ...
Read more

LIVE NEWS

Months later, Jack Ma made his first public appearance

inet Teo Ehc -
Jack Ma has just made his first public appearance in months. The co-founder of Alibaba (BABA) appeared today, in a ...
Read more

Google: Chrome 88 will be released with many improvements

Updates Teo Ehc -
Google has announced the new features that Chrome 88 will receive when it is released. It seems that it will have a tab search and ...
Read more

Interpol: Scammers approach their victims in dating applications!

security Teo Ehc -
Interpol issued a statement warning the world that many scammers are targeting users of dating applications and trying to deceive them to ...
Read more
00:02:05

AI: How the imitation of the human brain enhances its technology

youtube Absent Mia -
https://www.youtube.com/watch?v=ATvc1tbYFi4 Η τεχνολογία AI έχει καταφέρει εντυπωσιακά πράγματα έως τώρα, όμως χρειάζεται μεγάλο όγκο δεδομένων προκειμένου να...
Read more

Malwarebytes: SolarWinds hacked by cyber attackers!

security Pohackontas -
Malwarebytes said it had been hacked by the same hacking team that allegedly "hit" software company SolarWinds. However, he clarified that ...
Read more

Bugs in Messenger, Signal, Google Duo allowed spying

security Digital Fortress -
Security researcher found bugs in popular, mobile video conferencing and chat applications that allowed potential attackers to hear sounds and receive ...
Read more

Trump: US cloud providers will file foreign customers

security Absent Mia -
The most controversial president of the United States, Donald Trump, signed an executive order shortly before his departure, which obliges the ...
Read more

Tesla: Seeks man to help Musk handle Twitter complaints

inet Digital Fortress -
It has been reported that Tesla no longer has a public relations department to handle questions from journalists. It seems, however, that it is necessary ...
Read more

Chinese team hacking behind theft of passenger data

security Absent Mia -
In recent years, a Chinese hacking team is believed to be behind dozens of attacks on airlines in order to ...
Read more
00:02:49

The creator of PUBG is planning an IPO worth $ 27,2 billion!

youtube Pohackontas -
https://www.youtube.com/watch?v=ZE1qwCJCXl0 Ο δημιουργός του PUBG, Kim Chang-han, σχεδιάζει IPO (Αρχική Δημόσια Προσφορά ή εισαγωγή στο χρηματιστήριο) η...
Read more
Loading more

ABOUT US

SecNews.gr: No1 Portal for Technology News. Security, Hacking, TV and Tweaks for Geeks. Up-to-date information on all security and IT developments.

Communication: contact@secnews.gr

FOLLOW US

SecNews - Copyright © 2010 - 2020

el Greek
zh-CN Chinese (Simplified)en Englishel Greekru Russian