Last Updated on 08/12/2021 by Riya
A set of malicious packages in the Node.js package manager (npm) registry attempts to capture Discord tokens, which can then be used to hijack users’ accounts and servers without their knowledge. The npm registry lets JavaScript developers distribute and reuse code modules.
Because such packages are used as building blocks in a wide range of web applications, they pose a supply-chain risk: malicious code pulled in as a dependency can reach any application that includes it and expose it to attack. According to the report by the JFrog Security research team, a total of 17 malicious packages were distributed, each with different payloads and techniques.
Yet they were all developed with Discord in mind, a communication platform with 350 million active users that supports interaction via audio, video, text and file sharing. The researchers noted in an advisory published on Wednesday that the packages’ payloads ranged from information stealers to full remote-access backdoors.
The packages use a variety of attack strategies, including typosquatting, dependency confusion and trojan functionality. Discord servers are widely abused as covert command-and-control (C2) infrastructure, allowing a remote-access trojan, or even an entire botnet, to be operated without attracting attention.
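As an added example (not code from the report or this article), the following defender-side audit checks a package-lock.json for the two npm techniques named above: typosquatted names close to a watchlist of well-known packages, and dependency confusion, where a name reserved for a private registry is resolved from the public one instead. The watchlist, the private-registry URL and the lockfile contents are constructed for illustration.

```python
"""Audit an npm lockfile for typosquatting and dependency-confusion indicators.
Added example: the watchlist, private registry and lockfile below are constructed."""
import json
from typing import Dict, List

# Assumed watchlist of well-known package names (not taken from the report).
WATCHLIST = {"discord.js", "lodash", "express", "colors", "axios"}
# Assumed private registry and the package names that must only ever come from it.
INTERNAL_REGISTRY = "https://npm.example.internal/"
INTERNAL_PACKAGES = {"internal-utils"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_lockfile(lock: Dict) -> List[str]:
    """Return one finding per suspicious entry in a lockfile v2/v3 'packages' map."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        resolved = meta.get("resolved", "")
        # Dependency confusion: an internal-only name served by some other registry.
        if name in INTERNAL_PACKAGES and not resolved.startswith(INTERNAL_REGISTRY):
            findings.append(f"{name}: dependency confusion, resolved from {resolved}")
        # Typosquatting: a name within two edits of a well-known package, but not equal to it.
        for known in WATCHLIST:
            if name != known and edit_distance(name, known) <= 2:
                findings.append(f"{name}: possible typosquat of {known}")
    return findings


# Constructed sample lockfile: one clean entry, one typosquat, one confused internal package.
SAMPLE_LOCK = json.loads("""{"packages": {
  "": {"name": "demo-app"},
  "node_modules/lodash": {"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"},
  "node_modules/discrod.js": {"resolved": "https://registry.npmjs.org/discrod.js/-/discrod.js-1.0.0.tgz"},
  "node_modules/internal-utils": {"resolved": "https://registry.npmjs.org/internal-utils/-/internal-utils-9.9.9.tgz"}
}}""")

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK):
        print(finding)
```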
Compromised Discord servers can also be used as an anonymous data-exfiltration channel, since any malicious activity involving those credentials will be traced back to the legitimate user rather than the threat actor.
Hijacked Discord accounts can also be leveraged for social engineering, allowing the malware to be spread either manually or automatically by self-propagating code. As JFrog puts it,
“A user is significantly more prone to receive and run an arbitrary file from a mate’s Discord profile than a file shared by a random person.”