Evolving NPM Package Campaign Targets Roblox Devs, For Years

September 3, 2024 at 12:17PM Malicious npm packages mimicking “noblox.js” are targeting Roblox developers, stealing Discord tokens and system data, and deploying additional payloads. Checkmarx researchers highlighted the campaign’s use of social engineering tactics like brandjacking and starjacking to appear legitimate. The malware also incorporates novel tactics, such as adding the QuasarRAT and manipulating the … Read more