"Evolving npm Package Campaign Targets Roblox Devs, for Years"

For at least a year, attackers have used malicious Node Package Manager (npm) packages mimicking the popular "noblox.js" library to infect Roblox game developers with malware. The malware steals Discord tokens and system data, as well as deploys additional payloads. Checkmarx researchers say the campaign involves brandjacking, combosquatting, and starjacking. This article continues to discuss findings regarding the evolving npm package campaign targeting Roblox game developers.

Dark Reading reports "Evolving npm Package Campaign Targets Roblox Devs, for Years"

Submitted by grigby1
 

Submitted by Gregory Rigby on