Home Security Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

by


Nov 08, 2024Ravie LakshmananOpen Source / Malware

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber.

“This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available commodity malware, public platforms like GitHub for hosting malicious executables, and communication channels like Discord and Telegram for C2 operations to bypass traditional security measures,” Socket security researcher Kirill Boychenko said in a report shared with The Hacker News.

Cybersecurity

The list of malicious packages is as follows –

It’s worth pointing out that “node-dlls” is an attempt on part of the threat actor to masquerade as the legitimate node-dll package, which offers a doubly linked list implementation for JavaScript. Similarly, rolimons-api is a deceptive variant of Rolimon’s API.

Malicious NPM Packages

“While there are unofficial wrappers and modules — such as the rolimons Python package (downloaded over 17,000 times) and the Rolimons Lua module on GitHub — the malicious rolimons-api packages sought to exploit developers’ trust in familiar names,” Boychenko noted.

The rogue packages incorporate obfuscated code that downloads and executes Skuld and Blank Grabber, stealer malware families written in Golang and Python, respectively, that are capable of harvesting a wide range of information from infected systems. The captured data is then exfiltrated to the attacker via Discord webhook or Telegram.

Cybersecurity

In a further attempt to bypass security protections, the malware binaries are retrieved from a GitHub repository (“github[.]com/zvydev/code/”) controlled by the threat actor.

Roblox’s popularity in recent years has led to threat actors actively pushing bogus packages to target both developers and users. Earlier this year, several malicious packages like noblox.js-proxy-server, noblox-ts, and noblox.js-async were discovered impersonating the popular noblox.js library.

With bad actors exploiting the trust with widely-used packages to push typosquatted packages, developers are advised to verify package names and scrutinize source code prior to downloading them.

“As open-source ecosystems grow and more developers rely on shared code, the attack surface expands, with threat actors looking for more opportunities to infiltrate malicious code,” Boychenko said. “This incident emphasizes the need for heightened awareness and robust security practices among developers.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex