Sign up api roblox

1/4/2024

It used Discord attachments to serve malware and webhooks to exfiltrate data. He pointed to the CursedGrabber NPM malware that Sonatype spotted a year ago. Sharma said this isn't the first time Discord has been used by threat actors to collaborate on and host malicious payloads.

"The threat actor also maintains a Discord server to share information on the infected repositories, and solicit ransom amounts from impacted victims."

Discord not exactly on form

"The package is by the same threat actor who had previously published fake Noblox packages delivering ransomware," said Sharma.

In an email to The Register, Ax Sharma, a senior security researcher at Sonatype, confirmed that the company is seeing more and more malicious NPM packages, including another noblox.js typosquat called noblox.js-rpc that the security firm reported to NPM.

Seems to behave like ransom, except without the locking of files, only the overwriting of MBR /JyPKVQU0QM

Since then, noblox.js-rpc has been flagged and

malicious npm package: noblox.js-rpc

Despite its title relating to Discord, it had the noblox.js Readme file."

"The first of these attacks, discord.buttons-js, was created as long ago as the 7th September, and was the first.

"We have reported all of these, and noblox.js-rpc is the only one currently online," said Muir in a message on Sunday.

Muir said he's aware of at least six libraries created with confusingly similar names, to dupe the unwitting into downloading the compromised code rather than the legitimate noblox.js library.

"I believe Sonatype described this attack as a potential 'prank' – I assure you it is not, but more a persistent and continuous attack on our library and its users," he said.