Malicious npm package caught trying to steal sensitive Discord and browser files



The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users’ browser and Discord application.

The malicious package was a JavaScript library named “fallguys” that claimed to provide an interface to the “Fall Guys: Ultimate Knockout” game API.

Read more…