Bleeping Computer

Malicious NPM libraries install ransomware, password stealer

Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users. After the malicious NPM libraries are added to a project and ...
Dark Reading

Luna Grabber Malware Targets Roblox Gaming Devs

Since the start of this month, researchers at ReversingLabs have found a host of malicious, multistage packages on the npm public repository that implant an open source, information-stealing malware ...
Dark Reading

Evolving npm Package Campaign Targets Roblox Devs, for Years

Attackers for at least a year have been using malicious Node Package Manager (npm) packages that mimic the popular "noblox.js" library to target Roblox game developers with malware that steals Discord ...