Malware authors target rivals with malicious npm packages – ZDNet


Trojan packages reveal what could be internal rivalry between cybercriminals.
Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London.
DevOps security firm JFrog has discovered malicious npm packages that malware authors have developed to target rivals. 
On February 22, JFrog cybersecurity researchers Andrey Polkovnychenko and Shachar Menashe said that 25 malicious Node Package Manager (npm) packages had recently been detected by the firm’s scanners, many of which are Discord token stealers. 
Stolen tokens can be used to infiltrate a victim’s account and hijack Discord servers. They are also valuable assets that can be sold in underground criminal markets. 
The team noted that many of the packages are masquerading as the colors.js npm package, open source software developed by Marak Squires. Colors.js, a package for implementing colored text in Node.js, was sabotaged by its creator in January, thereby crashing tens of thousands of JavaScript programs in one strike. 
“This masquerading is probably due to the fact that colors.js is still one of the most installed packages in npm,” JFrog says. 
In addition, other packages were found, including Python remote code injectors and environment variable stealers. 
While npm maintainers “quickly” removed the reported packages, one package, in particular, caught JFrog’s eye. Called “Lemaaa,” the npm package is a library “meant to be used by malicious threat actors to manipulate Discord accounts,” according to the researchers.
Lemaaa included utilities such as bot list functions, removing friends, password checks, grabbing backup codes, and also stealing billing information when a Discord token is supplied. 

The module itself is obfuscated, which shouldn’t be a surprise considering its malicious purposes. However, after peeling apart Lemaaa’s code, the researchers found that the package had been trojanized to hijack the secret Discord tokens supplied to the library and transfer them to Lemaaa’s developer.
As npm is used by millions of developers worldwide, malicious npm package detection is set to continue — and potentially rise over time. 
“We estimate this trend will only continue to increase due to the fact that we are still seeing tens of new malicious packages that are flagged each day by our npm scanners,” the researchers say.
In December, JFrog uncovered 17 malicious npm packages also designed to steal Discord tokens. These packages were able to hijack account credentials, allowing attackers to take over a Discord server. 