Security News > 2021 > December > Malicious npm Code Packages Built for Hijacking Discord Servers

A series of malicious packages in the Node.js package manager code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users' accounts and servers.

Js, which enables interaction with the Discord API. "The malware's author took the original discord.js library as the base and injected obfuscated malicious code into the file src/client/actions/UserGet.js," according to JFrog, which added, "In classic trojan manner, the packages attempt to misdirect the victim by copying the README.md from the original package."

Another, dubbed the "Fix-error" package, claims to "Fix errors in discord selfbot." In actuality, it uses an obfuscated version of the PirateStealer tool, which steals private data stored in the Discord client by injecting malicious JavaCcript code - such as credit cards, login credentials and personally identifiable information.

The npm code maintainers have removed the flagged packages, which nonetheless live on in any applications they're built into.

Using malicious packages as a cyberattack vector has become more and more common, and not just in npm.

In March, researchers spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow inside the npm public code repository - all of which exfiltrated sensitive information.

News URL

https://threatpost.com/malicious-npm-code-packages-discord/176886/