![More than a dozen malwares found in NPM Packages More than a dozen malwares found in NPM Packages](https://varindia.com/storage/news/uploads/2018/02/61b345539848a.jpg)
17 malware-laced packages have been discovered on the NPM package Registry, adding to a recent barrage of malicious software hosted and delivered through open-source software repositories such as PyPi and RubyGems.
The packages' payloads are varied, ranging from info stealers up to full remote access backdoors. Additionally, the packages have different infection tactics, including typo squatting, dependency confusion and trojan functionality.
Collaboration and communication tools like Discord and Slack have become handy mechanisms for cybercriminals, with Discord servers integrated into the attack chains for remotely controlling the infected machines and even to extract data from the victims.
The theft of Discord access tokens could enable threat actors to use the platform as a covert data exfiltration channel, distribute malware to other Discord users, and even sell Discord Nitro premium accounts to other third-parties, who can use them for their own campaigns.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.