ZDNet

Npm package caught stealing sensitive Discord and browser files

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application ...
Bleeping Computer

Malicious NPM project steals Discord accounts, browser info

A heavily obfuscated and malicious NPM project is used to steal Discord user tokens and browser information from unsuspecting users. NPM is a JavaScript package manager that allows developers to ...
techtimes

Npm Package Steals Sensitive Files Targeting Google Chrome, Brave, Opera, Yandex, Discord Messaging App

Sonatype security researchers found malicious code in an npm package, which is designed to steal sensitive files from Google Chrome, Brave, Opera, Yandex browsers and Discord application. Sonatype is ...
TechRadar

Hackers have found a new way to hijack your Discord account

Cybercriminals have found a new way to steal your Discord account using the npm open-source repository alongside a couple of malware variants. As reported by Kaspersky, which first spotted the ...