Discord-Stealing Malware Invades npm Packages
#1
Quote:Three malicious software packages have been published to npm, a code repository for JavaScript developers to share and reuse code blocks. The packages represent a supply-chain threat given that they may be used as building blocks in various web applications; any applications corrupted by the code can steal tokens and other information from Discord users, researchers said.
 
Discord is designed for creating communities on the web, called “servers,” either as standalone forums or as part of another website. Users communicate with voice calls, video calls, text messaging, media and files. Discord “bots” are central to its function; these are AIs that can be programmed to moderate discussion forums, welcome and guide new members, police rule-breakers and perform community outreach. They’re also used to add features to the server, such as music, games, polls, prizes and more.
 
Discord tokens are used inside bot code to send commands back and forth to the Discord API, which in turn controls bot actions. If a Discord token is stolen, it would allow an attacker to hack the server.
 
As of Friday, the packages (named an0n-chat-lib, discord-fix and sonatype, all published by “scp173-deleted”) were still available for download. They make use of brandjacking and typosquatting to lure developers into thinking they’re legitimate. There is also “clear evidence that the malware campaign was using a Discord bot to generate fake download counts for the packages to make them appear more popular to potential users,” according to researchers at Sonatype.
 
The authors are the same operators behind the CursedGrabber Discord malware, the researchers said, and the packages share DNA with that threat.
The CursedGrabber Discord malware family, discovered in November, targets Windows hosts. It contains two .exe files which are invoked and executed via ‘postinstall’ scripts from the manifest file, ‘package.json’. One of the .exe files scans user profiles from multiple web browsers along with Discord leveldb files, steals Discord tokens, steals credit-card information, and sends user data via a webhook to the attacker. The second unpacks additional code with multiple capabilities, including privilege escalation, keylogging, taking screenshots, planting backdoors, accessing webcams and so on.
 
In the case of the three npm packages, these “contain variations of Discord token-stealing code from the Discord malware discovered by Sonatype on numerous occasions,” said Sonatype security researcher Ax Sharma, in a Friday blog posting.

Read more: https://threatpost.com/discord-stealing-...es/163265/
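A defender-side check for the mechanism described in the quoted article (install-time scripts in package.json launching bundled .exe files), added here as an example; it is not code from the article, Sonatype, or the post above. The pattern list, function names and sample manifests are assumptions constructed for illustration.

```javascript
// Added example: audit install-time lifecycle scripts in package.json manifests.
// The pattern list is an illustrative assumption, not a complete detection set.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall'];
const SUSPICIOUS = [
  { tag: 'runs-exe', re: /\.exe\b/i },
  { tag: 'script-host', re: /\b(cmd\s+\/c|powershell|wscript|cscript)\b/i },
  { tag: 'network-fetch', re: /\b(curl|wget)\b|https?:\/\//i },
];

// Takes a parsed package.json object; returns one finding per install-time hook.
function auditManifest(manifest) {
  const scripts = (manifest && typeof manifest.scripts === 'object' && manifest.scripts) || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== 'string' || cmd.trim() === '') continue;
    const tags = SUSPICIOUS.filter((p) => p.re.test(cmd)).map((p) => p.tag);
    // Any install hook deserves review; a matched pattern raises the priority.
    findings.push({ name: manifest.name || '(unnamed)', hook, cmd, tags,
      severity: tags.length ? 'high' : 'review' });
  }
  return findings;
}

// Walks a node_modules tree, including @scope folders and nested node_modules.
// Symlinked package directories (e.g. some alternative installers) are skipped.
async function scanNodeModules(root) {
  const fs = await import('node:fs/promises');
  const path = await import('node:path');
  const findings = [];
  let entries;
  try { entries = await fs.readdir(root, { withFileTypes: true }); } catch { return findings; }
  for (const e of entries) {
    if (!e.isDirectory() || e.name.startsWith('.')) continue;
    const dir = path.join(root, e.name);
    if (e.name.startsWith('@')) { findings.push(...await scanNodeModules(dir)); continue; }
    try {
      const raw = await fs.readFile(path.join(dir, 'package.json'), 'utf8');
      findings.push(...auditManifest(JSON.parse(raw)));
    } catch { /* missing or malformed manifest: nothing to audit */ }
    findings.push(...await scanNodeModules(path.join(dir, 'node_modules')));
  }
  return findings;
}

// Constructed sample manifests (not the contents of the packages named above).
const SAMPLE_EXE_HOOK = { name: 'example-typosquat', scripts: { postinstall: 'helper.exe' } };
const SAMPLE_BUILD_HOOK = { name: 'example-addon', scripts: { install: 'node-gyp rebuild', test: 'mocha' } };
```

Running `scanNodeModules('./node_modules')` after an install performed with `npm install --ignore-scripts` lists the hooks before any of them has executed.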

