More than a dozen malicious packages have been discovered on the npm repository, some of which have capabilities to deploy an information stealer called Luna Token Grabber on systems belonging to Roblox developers.
The ongoing campaign, first detected on August 1 by ReversingLabs, employs modules that masquerade as the legitimate package noblox.js.
The malicious packages […] reproduce code from the legitimate nobscript.js package but add malicious, information-stealing functions, software threat researcher Lucija Valentić said in a Tuesday analysis.
This is not the first time Luna Token Gainer has been spotted in the wild: It highlights yet again the trend of malicious actors using typosquatting as a technique to fool developers into downloading malicious code under the guise of similarly named legitimate packages, Valentiać said.
👋 Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! 🛍️
If not, consider contributing to my caffeine supply at Buy Me a Coffee ☕️.
Your clicks = cosmic support for more awesome content! 🚀🌈
Leave a Reply