{"id":45423,"date":"2022-02-23T13:27:49","date_gmt":"2022-02-23T13:27:49","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33138\/Malware-Authors-Target-Rivals-With-Malicious-npm-Packages.html"},"modified":"2022-02-23T13:27:49","modified_gmt":"2022-02-23T13:27:49","slug":"malware-authors-target-rivals-with-malicious-npm-packages","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/malware-authors-target-rivals-with-malicious-npm-packages\/","title":{"rendered":"Malware Authors Target Rivals With Malicious npm Packages"},"content":{"rendered":"

DevOps security firm JFrog has discovered malicious npm packages that malware authors have developed to target rivals. <\/p>\n

\n

ZDNet Recommends<\/span> <\/h3>\n<\/p><\/div>\n

On February 22, JFrog cybersecurity researchers<\/a> Andrey Polkovnychenko and Shachar Menashe said that 25 malicious Node Package Manager (npm) packages had recently been detected by the firm’s scanners, many of which are Discord token stealers. <\/p>\n

If an attacker is able to steal tokens, they can be used to infiltrate a victim’s account and hijack Discord servers. They can also be valuable assets suitable for sale in the underground criminal markets. <\/p>\n

The team noted that many of the packages are masquerading as the colors.js npm package, open source software developed by Marak Squires. Colors.js, a package for implementing colored text on node.js, was sabotaged by its creator<\/a> in January, thereby crashing tens of thousands of JavaScript programs in one strike.  <\/p>\n

“This masquerading is probably due to the fact that colors.js is still one of the most installed packages in npm,” JFrog says.  <\/p>\n

In addition, other packages were found, including Python remote code injectors and environmental variable stealers.  <\/p>\n

Also: Almost 100,000 new mobile banking Trojan strains detected in 2021<\/a><\/strong><\/p>\n

While npm maintainers “quickly” removed the reported packages, one package, in particular, caught JFrog’s eye. Called “Lemaaa,” the npm package is a library “meant to be used by malicious threat actors to manipulate Discord accounts,” according to the researchers. <\/p>\n

Lemaaa included utilities such as bot list functions, removing friends, password checks, grabbing backup codes, and also stealing billing information when a Discord token is supplied.  <\/p>\n

\"screenshot-2022-02-23-at-08-52-41.png\"<\/span>