Those Roblox npm downloads could be infected with malware
Date:
Thu, 28 Oct 2021 15:57:28 +0000
Description:
Typosquat variants of popular libraries pushed all kinds of trojans, and malware including ransomware, on unsuspecting users.
FULL STORY ======================================================================
Cybersecurity researchers have once again found (and eradicated) malicious npm packages, this time delivering ransomware and password-stealing trojans to unsuspecting users.
Pretending to be Roblox JavaScript libraries, the two malicious npm packages were named noblox.js-proxy and noblox.js-proxies, and used typosquatting to present themselves to anyone looking for the legitimate Roblox API wrapper, noblox.js-proxied, by altering a single letter in the library's name.
"These typosquatting packages mimic noblox.js, a popular Roblox game API wrapper that exists on npm as both a standalone package, along with legitimate variants such as noblox.js-proxied (ending in d not s)," shares Sonatype's security researcher, Juan Aguirre.
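The near-miss naming described above is something a build pipeline can check for. The following is an added example (not code from the article or from Sonatype): it scores every dependency name in a package.json against a small, constructed allow-list of known packages using edit distance, and flags names that are close to, but not equal to, a known one. The allow-list, threshold heuristic and sample package.json are assumptions made for illustration.

```javascript
// Added example, not from the article: flag dependency names that are a
// near-miss of a known legitimate package, the pattern used by the
// noblox.js-proxy / noblox.js-proxies typosquats. Allow-list is constructed.
const KNOWN_PACKAGES = ["noblox.js", "noblox.js-proxied", "ua-parser-js"];

// Levenshtein edit distance (insert, delete, substitute), single-row variant.
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0]; // D[i-1][0]
    prev[0] = i; // D[i][0]
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j]; // D[i-1][j], becomes next diag
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Returns { target, distance } for the closest known package within the
// threshold, or null when the name is an exact (legitimate) match or is not
// close to anything. The threshold scales with name length (heuristic) so
// short names do not collide with everything.
function findTyposquatTarget(name, known = KNOWN_PACKAGES, maxDistance = 3) {
  if (known.includes(name)) return null;
  let best = null;
  for (const candidate of known) {
    const limit = Math.min(maxDistance, Math.floor(candidate.length / 5));
    const d = editDistance(name, candidate);
    if (d <= limit && (best === null || d < best.distance)) {
      best = { target: candidate, distance: d };
    }
  }
  return best;
}

// Audit a parsed package.json object: both dependencies and devDependencies.
function auditDependencies(pkg, known = KNOWN_PACKAGES) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const findings = [];
  for (const name of Object.keys(deps)) {
    const hit = findTyposquatTarget(name, known);
    if (hit) findings.push({ name, ...hit });
  }
  return findings;
}

// Constructed sample package.json using the two names from the article.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { "noblox.js-proxy": "^1.0.0", "noblox.js-proxies": "^1.0.0", express: "^4.18.0" },
};
```

Run against the sample, `auditDependencies` reports both noblox.js-proxy (distance 3 from noblox.js-proxied) and noblox.js-proxies (distance 1) and leaves express alone; in practice the allow-list would be the organisation's approved dependency set.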
Noblox.js is an open source JavaScript API for the popular game Roblox. According to Aguirre, the library, which has clocked over 700,000 downloads, is commonly used to create in-game scripts that interact with the Roblox website.
A sinister prank?
Analysis of the malicious libraries has revealed that their authors had stuffed them with malware: the MBRLocker ransomware that impersonates the notorious GoldenEye ransomware, a password-stealing trojan, as well as a spooky video.
Aguirre points out that the two typosquatting libraries couldn't do any real damage since they were caught not long after they were uploaded, though they still managed to clock 281 and 106 downloads respectively.
"...but it's clear what type of scale the threat actors were hoping for going after such a popular component," notes Aguirre.
Interestingly, this attempt to deliver ransomware comes just a few days after Sonatype researchers had uncovered an audacious attempt by threat actors to hijack the account of the developer of the widely used UAParser.js library to replace the legitimate code with malicious one infused with malware and trojans.
While Sonatype believes the fake Roblox libraries were probably planted as a prank, the incident is a further indication that adversaries aren't going to stop abusing popular open source repositories anytime soon.
======================================================================
Link to news story:
https://www.techradar.com/news/those-roblox-npm-downloads-could-be-infected-with-malware/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)