Malicious npm packages caught stealing Discord tokens, environment variables

The Node Package Manager (npm) security team has removed 17 JavaScript libraries this week that contained malicious code to collect and steal Discord access tokens and environment variables from users' computers.

"Luckily, these packages were removed before they could rack up a large number of downloads (based on npm records) so we managed to avoid a scenario similar to our last PyPI disclosure, where the malicious packages were downloaded tens of thousands of times before they were detected and removed," said Andrey Polkovnychenko and Shachar Menashe, two security researchers at DevOps security firm JFrog, and the ones who spotted and reported the malicious packages to the npm team.

Polkovnychenko and Menashe said that if a developer had downloaded and installed any of these libraries, they would have executed malicious code on their systems that either installed malware or collected data to send back to the attackers.

Four of the npm JavaScript libraries contained functions to collect Discord access tokens, which effectively act as authentication cookies and can allow attackers to hijack an infected developer's Discord account.

A fifth npm package contained a copy of PirateStealer, a piece of malware that could also extract other data from Discord apps and accounts, such as payment card details, login credentials, and personal information.

Another set of eleven libraries included functions that collected environment variables, which are settings from a developer's local programming environment.