Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.

A series of malicious packages in the Node.js package manager (npm) code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users’ accounts and servers.

The npm repository is an open-source home for JavaScript developers to share and reuse code blocks. The packages can represent a supply-chain threat given that they can be used as building blocks in various web applications. Any application corrupted by malicious code can attack its users.

According to the JFrog Security research team, in this case a set of 17 malicious packages were published, with varying payloads and tactics. However, they were all built to target Discord, the virtual meeting platform used by 350 million users that enables communication via voice calls, video calls, text messaging and files.

“The packages’ payloads are varied, ranging from infostealers up to full remote-access backdoors,” researchers said in a Wednesday advisory. “Additionally, the packages have different infection tactics, including typosquatting, dependency confusion and trojan functionality.”

There are a few reasons, apart from its massive user base, that Discord is an

Read More: https://threatpost.com/malicious-npm-code-packages-discord/176886/