Malicious NPM libraries install ransomware, password stealer

Thread starter LASER_oneXM
Start date Oct 27, 2021

LASER_oneXM

Level 37

Thread author

Verified

Top Poster

Well-known

Forum Veteran

Oct 27, 2021

#1

Content source: https://www.bleepingcomputer.com/news/security/malicious-npm-libraries-install-ransomware-password-stealer/

Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users.

The two NPM packages are named noblox.js-proxy and noblox.js-proxies, and use typo-squatting to pretend to be the legitimate Roblox API wrapper called noblox.js-proxied by changing a single letter in the library's name.

Reactions: Gandalf_The_Grey and The_King

You must log in or register to reply here.

You may also like...

Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
- Started by Khushal
- Sep 23, 2025
- Replies: 3
News Archive
Malware News Malicious NPM Package Found Targeting GitHub By Typosquatting on GitHub Action Packages
- Started by Khushal
- Nov 11, 2025
- Replies: 1
Security News
Malware News New MacSync Stealer Malware Attacking macOS Users Using Digitally Signed Apps
- Started by Brownie2019
- Dec 23, 2025
- Replies: 2
Security News
Daily Cybersecurity Roundup – July 25 2025
- Started by Bot
- Jul 25, 2025
- Replies: 4
News Archive
Security News New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer
- Started by Brownie2019
- Jan 26, 2026
- Replies: 24
Security News

Share:

Facebook X Bluesky LinkedIn Reddit WhatsApp Email Link