API Security Blog

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber.

"This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available commodity malware, public platforms like GitHub for hosting malicious executables, and communication channels like Discord and Telegram for C2 operations to bypass traditional security measures," Socket security researcher Kirill Boychenko said in a report shared with The Hacker News.

The list of malicious packages is as follows:

- node-dlls (77 downloads)
- ro.dll (74 downloads)
- autoadv (66 downloads)
- rolimons-api (107 downloads)

It's worth pointing out that "node-dlls" is an attempt on the part of the threat actor to masquerade as the legitimate node-dll package, which offers a doubly linked list implementation for JavaScript. Similarly, rolimons-api is a deceptive variant of Rolimon's API.

"While there are unofficial wrappers and modules — such as the rolimons Python package (downloaded over 17,000 times) and the Rolimons Lua module on GitHub — the malicious rolimons-api packages sought to exploit developers' trust in familiar names," Boychenko noted.

The rogue packages incorporate obfuscated code that downloads and executes Skuld and Blank Grabber, stealer malware families written in…
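A name-similarity check of the kind that would flag node-dlls and rolimons-api in a project manifest, as an added example that is not from the article or from Socket's report. The TRUSTED list, the sample manifest and the function names are assumptions constructed for illustration.

```javascript
// Added example: flag dependency names that imitate a trusted package name.
// TRUSTED is an assumed allowlist; the manifest below is constructed sample input.
const TRUSTED = ["node-dll", "rolimons"];

const SAMPLE_MANIFEST = JSON.stringify({
  name: "constructed-sample-app",
  dependencies: {
    "node-dll": "^1.0.0", "node-dlls": "^1.0.0", "rolimons-api": "^1.0.0",
    "ro.dll": "^1.0.0", "autoadv": "^1.0.0",
  },
});

// Classic Levenshtein edit distance, keeping only the previous row.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

const squash = (name) => name.toLowerCase().replace(/[^a-z0-9]/g, "");
// True when dep is a trusted name with a separator-joined prefix or suffix added.
const hasAffix = (dep, good) =>
  [".", "-", "_"].some((s) => dep.toLowerCase().startsWith(good + s) || dep.toLowerCase().endsWith(s + good));

// Returns [{ name, imitates, reason }] for names that resemble, but are not, a trusted name.
function findLookalikes(manifestJson, trusted = TRUSTED) {
  const manifest = JSON.parse(manifestJson);
  const deps = Object.keys({ ...manifest.dependencies, ...manifest.devDependencies });
  const findings = [];
  for (const dep of deps) {
    if (trusted.includes(dep)) continue; // exact match is the real package
    for (const good of trusted) {
      const d = editDistance(squash(dep), squash(good));
      if (d <= 1) findings.push({ name: dep, imitates: good, reason: `edit distance ${d}` });
      else if (hasAffix(dep, good)) findings.push({ name: dep, imitates: good, reason: "trusted name plus affix" });
    }
  }
  return findings;
}

console.log(findLookalikes(SAMPLE_MANIFEST));
```

ro.dll and autoadv resemble neither name on the assumed list, so a name check alone does not flag them.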
