Discord servers invaded by 17 malicious NPM packages

Discord is the target of malicious NPM packages. According to the information available, at least 17 packages were discovered compromising the platform. This case follows a recent barrage of malware hosted on open source software repositories such as PyPI and RubyGems.


The DevOps company JFrog stated that these “libraries” were designed for two purposes: on the one hand, to extract Discord access tokens; on the other, to gain full control over a victim’s system. They can also access the environment variables of users’ computers. Fortunately, the packages had already been removed at the time of this writing.

The disturbing features of the malicious NPM packages

Andrey Polkovnychenko, Chief Software Engineer at GlobalLogic and Shachar Menashe, director of security research at JFrog, commented on the case.

According to them, the payloads of the packages are varied, ranging from infostealers to full remote access backdoors. The malware also relies on different infection tactics, including typosquatting, dependency confusion and the Trojan horse.
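As an added example (not from the article or from JFrog), here is one way a defender could screen a project's package.json for the typosquatting tactic mentioned above. The allowlist and the sample manifest are constructed for illustration, and prerequests-xcode is the only package name the article gives.

```javascript
// Added example: flag dependencies that are known-bad or look like typosquats.
// POPULAR is a small constructed allowlist; replace it with your own vetted list.
const POPULAR = ["discord.js", "express", "lodash", "request"];
// The only package name the article gives; extend from the vendor advisory.
const KNOWN_BAD = new Set(["prerequests-xcode"]);

// Classic Levenshtein edit distance, two-row dynamic programming.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Strip separators so "discord-js" compares equal to "discord.js".
const normalize = (name) => name.toLowerCase().replace(/[-_.]/g, "");

function auditDependencies(manifest) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (KNOWN_BAD.has(name)) {
      findings.push({ name, reason: "known-malicious" });
      continue;
    }
    if (POPULAR.includes(name)) continue; // exact match: the real package
    const near = POPULAR.find(
      (p) => editDistance(normalize(name), normalize(p)) <= 1
    );
    if (near) findings.push({ name, reason: "possible-typosquat", lookalike: near });
  }
  return findings;
}

// Constructed package.json contents (names and versions are sample values).
const sampleManifest = {
  dependencies: { "discord.js": "^1.0.0", "discord-js": "^1.0.0", "expres": "^1.0.0", "lodash": "^1.0.0" },
  devDependencies: { "prerequests-xcode": "*", "mocha": "^1.0.0" },
};

console.log(auditDependencies(sampleManifest));
```

A hit with reason `possible-typosquat` is only a prompt for manual review, since legitimate packages can have similar names.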

Developers now on the alert

Collaboration and communication (C&C) tools, such as Discord and Slack, have become popular platforms for cybercriminals. It is now easy for them to remotely control infected machines and even to exfiltrate data. To that end, cybercriminals use the Discord CDN to host infected files.

The cyber security company Zscaler said in February that:

“Distributing static content promotes hosting of infectious downloadable files, which remain accessible even after deleting the actual files in Discord.”

More disturbing still, prerequests-xcode works like a Trojan horse in its own right. There is also a Node.js port of DiscordRAT, which takes screenshots. At the same time, it collects data from the clipboard, runs VBScript and PowerShell, and facilitates password theft. It even becomes possible to sell premium Discord Nitro accounts to third parties.

Research shows that:

“Public repositories have become a hub for the spread of malware.”

The servers of a well-known repository become trusted platforms, and the fact that users interact with these sites no longer alerts the antivirus or the firewall. In addition, the installation of automation tools, such as the NPM client, makes the attack easier for hackers.

It seems that audits need to be carried out in order to secure the C&C platforms. If Discord is already in turmoil, we wish our fellow human beings more luck.


Source: Fredzone
