ZDNet

Npm package caught stealing sensitive Discord and browser files

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application ...
Bleeping Computer

Malicious NPM project steals Discord accounts, browser info

A heavily obfuscated and malicious NPM project is used to steal Discord user tokens and browser information from unsuspecting users. NPM is a JavaScript package manager that allows developers to ...
techtimes

Npm Package Steals Sensitive Files Targeting Google Chrome, Brave, Opera, Yandex, Discord Messaging App

Sonatype security researchers found malicious code in an npm package, which is designed to steal sensitive files from Google Chrome, Brave, Opera, Yandex browsers and Discord application. Sonatype is ...