Monday, March 1, 18:21
Home security Npm package: steals sensitive Discord and browser files

Npm package: steals sensitive Discord and browser files

Security researchers Sonatype discovered an npm package (library JavaScript) that contains malicious code, which is designed to steal sensitive files from a user's browsers and the Discord application.

npm

The malicious code, named discord.dll, is still available via npm, a web portal, command line utility, and package manager for JavaScript developers.

The developers use npm to load and then update libraries in their JavaScript projects, whether they are websites or applications for desktops or server applications.

According to Sonatype, once discord.dll is installed on one system, executes malicious code that searches the developer's computer and, after locating specific applications, attempts to retrieve its internal databases LevelDB.

These applications can be browsers such as Google Chrome, Brave, Opera and the Yandex browser, but also the Discord instant messaging application, popular today in most online Gamers.

The files that the malware recovers are LevelDB databases, which are used by the aforementioned applications to store information such as browsing history and various access credentials.

Discord.dll reads the files and tries to publish their contents to a Discord channel (as a Discord webhook).

After conducting research, Sonatype found that malicious code was an improved version of a malicious library that appeared in August. By name fallguys, this library also gathered the same information, albeit in a less complicated way.

The discord.dll package is still available on the npm portal, but Sonatype said it has already informed the npm security team and the package will likely be removed in the coming days. The researchers also said that discord.dll is not the only malicious package that its author has created. There are ten others on the npm site, three of which contained malicious code that downloads and executes three mysterious EXE files.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS