
Another batch of 25 malicious JavaScript libraries has made its way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down.
The libraries in question leveraged typosquatting techniques and masqueraded as legitimate packages such as colors.js, crypto-js, discord.js, marked, and noblox.js, DevOps security firm JFrog said, attributing the packages to “novice malware authors.”
The complete list of packages is below:
- node-colors-sync (Discord token stealer)
- color-self (Discord token stealer)
- color-self-2 (Discord token stealer)
- wafer-text (Environment variable stealer)
- wafer-countdown (Environment variable stealer)
- wafer-template (Environment variable stealer)
- wafer-darla (Environment variable stealer)
- lemaaa (Discord token stealer)
- adv-discord-utility (Discord token stealer)
- tools-for-discord (Discord token stealer)
- mynewpkg (Environment variable stealer)
- purple-bitch (Discord token stealer)
- purple-bitchs (Discord token stealer)
- noblox.js-addons (Discord token stealer)
- kakakaakaaa11aa (Connectback shell)
- markedjs (Python remote code injector)
- crypto-standarts (Python remote code injector)
- discord-selfbot-tools (Discord token stealer)
- discord.js-aployscript-v11 (Discord token stealer)
- discord.js-selfbot-aployscript (Discord token stealer)
- discord.js-selfbot-aployed (Discord token stealer)
- discord.js-discord-selfbot-v4 (Discord token stealer)
- colors-beta (Discord token stealer)
- vera.js (Discord token stealer)
- discord-protection (Discord token stealer)
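
A defender's check against the list above, as an added example that is not from JFrog or the original article: it scans a parsed package-lock.json for any of the 25 names, including transitive and aliased installs. The function name, the sample lockfile and its versions are constructed for illustration.

```javascript
// Names and payload labels are copied from the list above.
const FLAGGED = {
  "Discord token stealer": [
    "node-colors-sync", "color-self", "color-self-2", "lemaaa",
    "adv-discord-utility", "tools-for-discord", "purple-bitch", "purple-bitchs",
    "noblox.js-addons", "discord-selfbot-tools", "discord.js-aployscript-v11",
    "discord.js-selfbot-aployscript", "discord.js-selfbot-aployed",
    "discord.js-discord-selfbot-v4", "colors-beta", "vera.js", "discord-protection",
  ],
  "Environment variable stealer": [
    "wafer-text", "wafer-countdown", "wafer-template", "wafer-darla", "mynewpkg",
  ],
  "Connectback shell": ["kakakaakaaa11aa"],
  "Python remote code injector": ["markedjs", "crypto-standarts"],
};
const PAYLOAD = new Map(
  Object.entries(FLAGGED).flatMap(([p, names]) => names.map((n) => [n, p])));

// Return every flagged package in a parsed package-lock.json. Handles the
// v2/v3 flat "packages" map and the v1 nested "dependencies" tree.
function findFlagged(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (PAYLOAD.has(name)) hits.push({ name, version, where, payload: PAYLOAD.get(name) });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path) continue; // "" is the root project itself
      const i = path.lastIndexOf("node_modules/");
      // meta.name is set when the install is aliased under another folder name
      check(meta.name || (i < 0 ? path : path.slice(i + 13)), meta.version, path);
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, [...trail, name].join(" > "));
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile (v3 layout), not taken from a real project.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-bot", version: "1.0.0" },
  "node_modules/discord.js": { version: "13.6.0" },
  "node_modules/markedjs": { version: "0.0.1" },
  "node_modules/helper/node_modules/colors-beta": { version: "0.0.2" },
  "node_modules/md": { name: "wafer-text", version: "0.0.3" } } };
console.log(findFlagged(sampleLock));
```

A hit on an environment variable stealer or token stealer means any secrets or Discord tokens present on the machine that installed it should be rotated, not just the package removed.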
Discord tokens have emerged as a lucrative means for threat actors to gain unauthorized access to accounts without a password, enabling the operators to exploit the access to propagate malicious links via Discord channels. Read more: https://bit.ly/3BMyQUL