Discord-Stealing Malware Invades npm Packages

By threatpost - 2021-01-24

Description

The CursedGrabber malware has infiltrated the open-source software code repository.

Summary

Subscribe to our Threatpost Today newsletter Join thousands of people who receive the latest breaking cybersecurity news every day.
The packages (named an0n-chat-lib, discord-fix and sonatype, all published by “scp173-deleted”) have been taken down, though it’s unknown how many developers used them before they were removed.
Sponsored content is written and edited by members of our sponsor community.
This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience.

Topics

Security (0.25)
UX (0.19)
Backend (0.16)

Similar Articles

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks

By threatpost - 2021-02-05

The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.

High-Severity Cisco Flaw Found in CMX Software For Retailers

By threatpost - 2021-01-14

Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers.

Stack History: A Timeline of Slack's Tech Stack Evolution

By StackShare - 2021-01-07

The story of Slacks’s major technology decisions over time. It’s a story that underlies all other Slack narratives, and one that powers its meteoric growth even today.