all InfoSec news
Fake Roblox packages target npm with Luna Grabber information stealing-malware
ReversingLabs Blog blog.reversinglabs.com
ReversingLabs researchers have identified more than a dozen malicious packages on the npm public repository since the beginning of August, including multi-stage malicious packages that placed Luna Grabber, open source information stealing malware, on infected systems. In a replay of an attack uncovered two years ago, the malicious packages imitated the legitimate package noblox.js, a Node.js Roblox API wrapper used to write scripts that interact with the Roblox gaming platform.
attack august fake information information stealing luna malicious malicious packages malware npm open source packages public replay repository researchers reversinglabs roblox software supply chain security stage stealing systems target threat research uncovered