According to Sonatype, once discord.dll is installed on a system, it executes malicious code that searches the developer's computer and, after locating specific applications, attempts to retrieve their internal LevelDB databases.
The files that the malware recovers are LevelDB databases, which are used by the aforementioned applications to store information such as browsing history and various access credentials.
Discord.dll reads the files and tries to publish their contents to a Discord channel (via a Discord webhook).
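The behaviour described above (reading application LevelDB stores and posting to a Discord webhook) can be turned into a simple pre-install source check. The following is an added example, not code from Sonatype or from the package; the regular expressions, the verdict levels and the sample file contents are assumptions constructed for illustration.

```javascript
// Heuristic static check for npm package source: flags packages that combine
// access to application LevelDB stores with a Discord webhook endpoint.
// All patterns are illustrative assumptions, not published indicators.
const WEBHOOK_RE = /https?:\/\/(?:(?:canary|ptb)\.)?discord(?:app)?\.com\/api\/webhooks\/\d+\/[\w-]+/i;
const LEVELDB_RE = /leveldb|\.ldb\b/i;
const PROFILE_RE = /APPDATA|homedir\(\)|Local Storage/i;

function scanSource(source) {
  return {
    webhook: WEBHOOK_RE.test(source),
    leveldb: LEVELDB_RE.test(source),
    profilePath: PROFILE_RE.test(source),
  };
}

// files: object mapping relative path -> file contents (strings).
// Signals are aggregated per package because the read and the upload
// may live in different files.
function scanPackage(name, files) {
  const hits = { webhook: [], leveldb: [], profilePath: [] };
  for (const [path, source] of Object.entries(files)) {
    const r = scanSource(source);
    for (const key of Object.keys(hits)) if (r[key]) hits[key].push(path);
  }
  const readsStores = hits.leveldb.length > 0 && hits.profilePath.length > 0;
  const exfil = hits.webhook.length > 0;
  const verdict = readsStores && exfil ? "suspicious"
    : readsStores || exfil ? "review" : "clean";
  return { name, verdict, hits };
}

// Constructed sample inputs (not real package contents).
const SAMPLE_BAD = {
  "index.js": "const p = process.env.LOCALAPPDATA + '/ExampleApp/Local Storage/leveldb';\nrequire('./send')(p);",
  "send.js": "const hook = 'https://discord.com/api/webhooks/123456789012345678/EXAMPLE-token_placeholder';",
};
// A legitimate notifier: webhook only, no profile or LevelDB access.
const SAMPLE_BOT = {
  "notify.js": "post('https://discordapp.com/api/webhooks/1/abc', { content: 'build ok' });",
};
// A legitimate LevelDB user: local database, no user-profile paths, no webhook.
const SAMPLE_DB = { "store.js": "const level = require('leveldb-wrapper'); level.open('./data');" };

for (const [n, f] of [["sample-bad", SAMPLE_BAD], ["sample-bot", SAMPLE_BOT], ["sample-db", SAMPLE_DB]]) {
  console.log(n, scanPackage(n, f).verdict);
}
```

String matching of this kind is defeated by obfuscated or downloaded payloads, so a "clean" verdict only means none of these literals appear in the scanned files.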
After conducting research, Sonatype found that the malicious code was an improved version of a malicious library that appeared in August. Named fallguys, that library gathered the same information, albeit in a less complicated way.
The discord.dll package is still available on the npm portal, but Sonatype said it has already informed the npm security team and the package will likely be removed in the coming days. The researchers also said that discord.dll is not the only malicious package that its author has created. There are ten others on the npm site, three of which contained malicious code that downloads and executes three mysterious EXE files.