Malware authors target rivals with malicious npm packages

DevOps security firm JFrog has discovered malicious npm packages that appear to have been developed by malware authors to target rivals. 

On February 22, JFrog cybersecurity researchers Andrey Polkovnychenko and Shachar Menashe said that 25 malicious Node Package Manager (npm) packages had recently been detected by the firm’s scanners, many of which are Discord token stealers. 

If an attacker is able to steal tokens, they can be used to infiltrate a victim’s account and hijack Discord servers. They can also be valuable assets suitable for sale in underground, criminal markets. 

The team noted that many of the packages are masquerading as the colors.js npm package, open source software developed by Marak Squires. Colors.js, a package for implementing colored text on node.js, was sabotaged by its creator in January, thereby crashing tens of thousands of JavaScript programs in one strike. 

“This masquerading is probably due to the fact that colors.js is still one of the most installed packages in npm,” JFrog says. 

In addition, other packages were found including Python remote code injectors and environmental variable stealers. 

While the reported packages were “quickly” removed by npm maintainers, one package, in particular, caught JFrog’s eye. Called “Lemaaa,” the npm package is a library “meant to

Read More: