25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository (Security News, February 2022)
Another batch of 25 malicious JavaScript libraries has made its way into the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down.
The libraries in question relied on typosquatting, masquerading as legitimate packages such as colors.
Discord tokens have emerged as a lucrative means for threat actors to gain unauthorized access to accounts without a password, enabling the operators to abuse that access to spread malicious links through Discord channels.
Two rogue packages, markedjs and crypto-standarts, stand out as duplicate trojan packages: they fully replicate the functionality of the well-known libraries marked and crypto-js but carry additional malicious code that remotely injects arbitrary Python code.
Another malicious package is lemaaa, "a library which is meant to be used by malicious threat actors to manipulate Discord accounts," researchers Andrey Polkovnychenko and Shachar Menashe said.
The findings are the latest in a series of disclosures of NPM being abused to deploy payloads ranging from info-stealers to full remote access backdoors, making it imperative that developers inspect their package dependencies to mitigate typosquatting and dependency confusion attacks.
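As an added, defensive illustration of the dependency inspection recommended above (example code, not from the article or the researchers): a small Node.js lint over a constructed package.json that flags dependency names within one edit of a well-known package after collapsing "js" suffixes (so markedjs is matched against marked), and internal-style names that are not published under an npm scope. The allow-list KNOWN, the acme- prefix, and the sample manifest are assumptions.

```javascript
// Added example, not from the article: lint package.json dependencies for
// likely typosquats and for unscoped internal names (dependency confusion).
const KNOWN = ["colors", "marked", "crypto-js", "lodash", "express"]; // assumed allow-list
const INTERNAL_PREFIXES = ["acme-"]; // assumed naming prefix for private packages

// Levenshtein edit distance between two strings.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// Canonical form: lowercase, drop a trailing "js" marker and separators, so
// "markedjs", "marked-js" and "marked.js" all collapse to "marked".
function canonical(name) {
  return name.toLowerCase().replace(/[-_.]?js$/, "").replace(/[-_.]/g, "");
}

// Returns one finding per suspicious dependency name.
function auditDependencies(pkg) {
  const findings = [];
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  for (const name of Object.keys(deps)) {
    if (KNOWN.includes(name)) continue; // exact well-known name: fine
    for (const known of KNOWN) {
      if (editDistance(canonical(name), canonical(known)) <= 1) {
        findings.push({ name, kind: "possible-typosquat", of: known });
        break;
      }
    }
    // Private packages must be scoped (@org/name) so the public registry
    // cannot serve a same-named substitute.
    if (INTERNAL_PREFIXES.some((p) => name.startsWith(p)) && !name.startsWith("@")) {
      findings.push({ name, kind: "unscoped-internal" });
    }
  }
  return findings;
}

// Constructed sample manifest, not a real project.
const SAMPLE = {
  dependencies: { colors: "1.4.0", markedjs: "1.0.0", colours: "1.0.0",
                  "acme-auth": "2.0.0", "crypto-standarts": "1.0.0" },
};
console.log(auditDependencies(SAMPLE));
```

A name like crypto-standarts, which borrows a theme rather than a spelling, is not caught by this heuristic and still needs the manual review the article calls for.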
News URL
https://thehackernews.com/2022/02/25-malicious-javascript-libraries.html