Hit enter to search

Malicious NPM libraries install ransomware, password stealer

27-Oct-21

The two NPM packages, noblox.jsproxy and noblox.jsproxies, exploit typosquatting to impersonate the official Roblox API wrapper noblox. By changing a single letter in the library's name, it becomes jsproxied.

The malicious NPM modules will run a postinstall.js script after being added to a project and activated. This script is often used to run lawful actions once a library is installed, but in this case, it initiates a chain of malicious activities on the machines of the victims.

Read More...