The inside story of ransomware repeatedly masquerading as a popular JS library for Roblox gamers

From theregister.com


Since early September, Josh Muir and five other maintainers of the noblox.js package have been trying to prevent cybercriminals from distributing ransomware through similarly named code libraries.

Noblox.js is a wrapper for the Roblox API, which many gamers use to automate interactions with the hugely popular Roblox game platform. And for the past few months the software has been targeted by “a user who is hell-bent on attacking our user-base with malware, and continues to make packages to this end,” explained Muir in an email to The Register.

This miscreant, with the assistance of at least one other, has been “typosquatting” the noblox.js package by uploading similarly named, ransomware-delivering packages to NPM, a registry for open source JavaScript libraries, and then promoting the malware-laden files via Discord, a messaging and chat service.
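A defender-side check for the naming trick described above, as an added example that is not from the article or the noblox.js project: it scans a package.json manifest for dependency names that imitate `noblox.js`. The function names, the distance threshold and the look-alike names in the sample manifest are assumptions constructed for illustration.

```javascript
// Added example: flag dependencies whose names imitate a trusted package.
const TRUSTED = ["noblox.js"]; // the legitimate package named in the article

// Reduce a name to a comparison key: lowercase, drop separators,
// and fold digit look-alikes (0 -> o, 1 -> l).
function skeleton(name) {
  return name.toLowerCase().replace(/[._-]/g, "").replace(/0/g, "o").replace(/1/g, "l");
}

// Levenshtein distance using two-row dynamic programming.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Return [{ name, trusted, reason }] for every suspicious dependency name.
function findLookalikes(manifest, trusted = TRUSTED, maxDistance = 2) {
  const names = ["dependencies", "devDependencies", "optionalDependencies"]
    .flatMap((field) => Object.keys(manifest[field] || {}));
  const findings = [];
  for (const name of names) {
    if (trusted.includes(name)) continue; // exact match is the real package
    for (const good of trusted) {
      const s = skeleton(name), g = skeleton(good);
      const d = editDistance(s, g);
      let reason = null;
      if (s === g) reason = "separator or look-alike character variant";
      else if (s.includes(g)) reason = "trusted name with extra prefix/suffix";
      else if (d <= maxDistance) reason = `edit distance ${d}`;
      if (reason) findings.push({ name, trusted: good, reason });
    }
  }
  return findings;
}

// Constructed manifest; the look-alike names and versions are invented for illustration.
const SAMPLE_MANIFEST = {
  dependencies: { "noblox.js": "^4.0.0", "nobl0x.js": "1.0.0", "noblox.js-helper": "1.0.0", "express": "^4.18.0" },
  devDependencies: { "noblx.js": "1.0.0" },
};
console.log(findLookalikes(SAMPLE_MANIFEST));
```

A hit is a prompt to verify the package's publisher and history on the registry before installing, not proof of malice.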
