Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/load.php on line 2057

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rank-math domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/functions.php on line 6114
Malware authors target rivals with malicious npm packages - Best Business Review Site 2024

Malware authors target rivals with malicious npm packages

[ad_1]

DevOps security firm JFrog has discovered malicious npm packages that appear to have been developed by malware authors to target rivals. 

On February 22, JFrog cybersecurity researchers Andrey Polkovnychenko and Shachar Menashe said that 25 malicious Node Package Manager (npm) packages had recently been detected by the firm’s scanners, many of which are Discord token stealers. 

If an attacker is able to steal tokens, they can be used to infiltrate a victim’s account and hijack Discord servers. They can also be valuable assets suitable for sale in underground, criminal markets. 

The team noted that many of the packages are masquerading as the colors.js npm package, open source software developed by Marak Squires. Colors.js, a package for implementing colored text on node.js, was sabotaged by its creator in January, thereby crashing tens of thousands of JavaScript programs in one strike. 

“This masquerading is probably due to the fact that colors.js is still one of the most installed packages in npm,” JFrog says. 

In addition, other packages were found including Python remote code injectors and environmental variable stealers. 

While the reported packages were “quickly” removed by npm maintainers, one package, in particular, caught JFrog’s eye. Called “Lemaaa,” the npm package is a library “meant to be used by malicious threat actors to manipulate Discord accounts,” according to the researchers.

Lemaaa included utilities such as bot list functions, removing friends, password checks, grabbing backup codes, and also stealing billing information when a Discord token is supplied. 

screenshot-2022-02-23-at-08-52-41.png

JFrog

The module itself is obfuscated, which shouldn’t be a surprise considering its malicious purposes. However, after peeling apart Lemaaa’s code, the researchers found that the package had been trojanized to hijack the secret Discord tokens supplied to the library and transfer them to Lemaaa’s developer.

As npm is used by millions of developers worldwide, malicious npm package detection is set to continue – and potentially rise over time. 

“We estimate this trend will only continue to increase, due to the fact that we are still seeing tens of new malicious packages that are flagged each day by our npm scanners,” the researchers say.

In December, JFrog uncovered 17 malicious npm packages also designed to steal Discord tokens. These packages were able to hijack account credentials, allowing attackers to take over a Discord server. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


[ad_2]

Source link

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin situs toto slot gacor maxwin slot gacor maxwin situs toto slot slot depo 10k toto slot toto slot situs toto situs toto toto slot toto slot toto slot toto togel slot toto togel situs toto situs toto toto slot slot gacor slot gacor slot gacor situs toto situs toto cytotec toto slot situs toto situs toto toto slot situs toto situs toto slot gacor maxwin slot gacor maxwin link slot 10k slot gacor maxwin slot gacor slot pulsa situs slot 10k slot 10k toto slot toto slot situs toto situs toto situs toto bandar togel 4d toto slot toto slot