In the NPM detected 25 malicious packages, which applied to the use of tapskvotting, i.e. With the purpose of the names similar to the names of popular libraries, with the calculation of the fact that the user allows typos when typing or not notice the differences, choosing a module from the list.
- 17 packets included malicious code to search on the local file system of Discord token and send them to the attacker server. In most cases, for malicious changes camouflaged through the supply of modified variants of legitimate libraries discord.js and Colors .
- node-colors-sync
- Color-Self
- Color-Self-2
- lemaaa
- Adv-Discord-Utility
- Tools-for-Discord
- Purple-Bitch
- Purple-Bitchs
- noblox.js-addons
- Discord-Selfbot-Tools
- discord.js-aployscript-v11
- discord.js-selfbot-aployscript
- discord.js-selfbot-aployed
- discord.js-discord-selfbot-v4
- colors-beta li>
- vera.js
- Discord-Protection
- 5 packets included code for sending the contents of environment variables, which, for example, could include access keys, tokens or passwords to continuous integration systems or cloudy environments, such as AWS.
- wafer-text
- Wafewaufer-Templater-Countdown
- Wafer-Template
- wafer-darla
- mynewpkg
- 2 packages (markedjs, crypto-standarts) included a Trojan to organize remote access to the user system, allowing you to perform arbitrary code in Python (Python Remote Code Injector).
- 1 Package (Kakakaakaaa11aa) included backdoor for remote control system (Connectback Shell).
/Media reports.