Security News > 2023 > August > Over a Dozen Malicious npm Packages Target Roblox Game Developers

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers.

"The malicious packages reproduce code from the legitimate noblox.js package but add malicious, information-stealing functions," software threat researcher Lucija Valentić said in a Tuesday analysis.

The packages were cumulatively downloaded 963 times before they were taken down.

"With malicious campaigns that target the software supply chain, the difference between sophisticated and unsophisticated attacks often comes down to the level of effort the malicious actors make to disguise their attack and make their malicious packages look legitimate," Valentić pointed out.

The modules, in particular, cleverly conceal their malicious functionality in a separate file named postinstall.

"It highlights yet again the trend of malicious actors using typosquatting as a technique to fool developers into downloading malicious code under the guise of similarly named, legitimate packages," Valentić said.

News URL

https://thehackernews.com/2023/08/over-dozen-malicious-npm-packages.html