Security News > 2022 > July > Malicious Npm Packages Tapped Again to Target Discord Users
Researchers were monitoring open-source repositories on Tuesday when they noticed suspicious activity in the form of four packages containing "Highly obfuscated malicious Python and JavaScript code" in the npm repository, they wrote in the post.
Npm has become an especially attractive target for threat actors as it not only has tens of millions of users, but packages hosted by the repository also have been downloaded billions of times, he said.
LofyLife is not the first time threat actors have used npm to target Discord users.
In December, researchers at JFrog identified a set of 17 malicious npm packages with varying payloads and tactics that targeted the virtual meeting platform, which is used by 350 million users and enables communication via voice calls, video calls, text messaging and files.
Prior to that in January 2021, other researchers discovered three malicious npm packages from the threat actors behind the CursedGrabber malware aimed at stealing Discord tokens and other data from users of the platform.
Kaspersky, among other security firms, is constantly monitoring updates to npm repositories to ensure that all new malicious packages are detected and removed, researchers said.