back to article Miscreants aim to cause Discord discord with malicious npm packages

Cybercriminals continue to use npm packages to drop malicious packages on unsuspecting victims, most recently to steal Discord login tokens, bank card data, and other user information from infected systems. Details of the latest npm campaign, dubbed "LofyLife" by Kaspersky threat intelligence hunters, comes at the same time …

  1. Plest Silver badge

    The use of public NPM repos always seems to bring the phrase "House of Cards" to mind!

  2. Wanting more

    nuget too

    We had an incident here where one of our developers accidentallyinstalled a Nuget package from a dodgy publisher (not Microsoft but a very close spelling). The package seemed to be from Russia. It was several months until this was noticed and the code had been deployed to test servers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like