The inside story of ransomware repeatedly masquerading as a popular JS library for Roblox gamers
Js package by uploading similarly named packages that deliver ransomware to NPM, a registry for open source JavaScript libraries, and then promoting the malware-laden files via Discord, a messaging and chat service.
Muir said those responsible are spreading malware by joining Discord servers with young users - according to Roblox, "[T]he majority of our users are under the age of 13" - to gain a position of trust and convince them to download a compromised library.
One of his fellow maintainers, he said, had loaded up the ransomware in a virtual machine and noted that it references the discord.
"That being said, Discord's lack of action is somewhat shocking given the Discord server in question has the invite discord.gg/condos, and is primarily dedicated to the creation of depraved Roblox condos, which are sex games aimed at minors," said Muir.
On Monday, about an hour after The Register asked Discord for comment, Muir received a note from Discord's Trust & Safety Team stating that they've opened an investigation.
"Platform security is a priority for us. Discord relies on a mix of proactive scanning - such as antivirus scanning - and reactive reports to detect malware and viruses on our service before they reach users," a Discord spokesperson told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/11/16/nobloxjs_typosquatting_discord/