The Node Packet Manager (npm) security team has removed a malicious JS library named “fallguys” that claimed to provide an interface to the “Fall Guys: Ultimate Knockout” game API. The malicious package present in the library would get executed whenever developers installed and ran the “fallguys” library in their code. The malicious code attempted to read data from five locations in the system where it gets executed. The first four locations pertain to LevelDB databases specific to Chrome, Opera, Yandex Browser and Brave. These files contain a user’s browsing data. The fifth location being accessed was a LevelDB database for the Discord Windows client, searching for information like channels joined or other channel specific data. The library was available for two weeks and was downloaded nearly 300 times. Developers are hence advised to remove these malicious packages from their projects.

CyberManipal.

Malicious npm package caught trying to steal sensitive Discord and browser files

August 27, 2020

More of MIST

About MIST