In the NPM 17 malicious packets that applied using tipcvotting, i.e. With the assignment of names similar to the names of popular libraries with the calculation to the fact that the user allows typos when typing or not notice the differences, choosing a module from the list.
Discord-Selfbot-V14 packages, Discord-Lofy, DiscordSystem and
Discord-Vilao used a modified version of the Discord.js legitimate library that provides functions for interacting with the Discord API. Malicious components were integrated into one of the package files and included about 4,000 rows of code confusing using variable names, encryption rows and code formatting. The code scanned the local FS for tokens
Discord and in case of detection sent them to the intruder server.
The Fix-Error package has been declared as a corrective error in Discord Selfbot, but included the Trojan application PirateStealer, which carries out theft of credit card numbers and records associated with Discord. Malicious component activated through the JavaScript code substitution to the discord client.
PREREQUESTS-XCODE includes a Trojan to organize a remote access to the user system based on the Discordrat Python application.
It is assumed that access to the Discord servers could be required by the attackers to deploy the botnet control points, as a proxy to download information from hacked systems, confusing traces when making attacks, the dissemination of malicious software among Discord users or resale Realous accounts .
Wafer-Bind packages, Wafer-Autocomplete,
Wafer-Beacon,
Wafer-Caas,
wafer-toggle
wafer-geolocation,
wafer-image
Wafer-Form,
Wafer-LightBox,
Octavius-Public and MRG-Message-Broker included code to send the contents of environment variables, which, for example, could include access keys, tokens or passwords to continuous integration systems or cloud environment, such as AWS.