Sensitive browser and Discord files stolen by npm package

npm package

Nefarious code was detected hidden inside one of the JavaScript library called Discord.dll. Sonatype’s security researchers identified the npm package having malicious code created to steal sensitive data and files from an end-user’s browsers and the Discord application. The JavaScript library is available via a command-line utility, web portal, and package manager for JavaScript programmers, and npm.

Read More: Growing Cyber Security Risks Keep CEOs Up at Night

Researchers said that once dicord.dll was installed, it could run malicious code to comprehensively search the user’s device for a few applications and harvest the internal LevelDB databases. Some of the targeted apps include Opera, Brave, Yandex, and Google Chrome. The Discord instant messaging app, popular among online gamers, was also one of the intended victims.

Source: zdnet