From theregister.com
Since early September, Josh Muir and five other maintainers of the noblox.js package have been trying to prevent cybercriminals from distributing ransomware through similarly named code libraries.
Noblox.js is a wrapper for the Roblox API, which many gamers use to automate interactions with the hugely popular Roblox game platform. And for the past few months the software has been targeted by “a user who is hell-bent on attacking our user-base with malware, and continues to make packages to this end,” explained Muir in an email to The Register.
This miscreant, with the assistance of at least one other, has been “typosquatting” the noblox.js package by uploading similarly named packages that deliver ransomware to NPM, a registry for open source JavaScript libraries, and then promoting the malware-laden files via Discord, a messaging and chat service.
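
A defender-side check for the typosquatting described above, as an added example that is not from the article or the noblox.js project: it flags dependency names in a package.json that resemble `noblox.js` without matching it exactly. The dependency names and versions in `sample`, the `maxDistance` threshold and the function names are constructed for illustration.

```javascript
// Added example: flag npm dependencies whose names imitate "noblox.js".
const LEGIT = "noblox.js";

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of D[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j]; // value of D[i-1][j]
      row[j] = Math.min(
        above + 1,                              // deletion
        row[j - 1] + 1,                         // insertion
        diag + (a[i - 1] === b[j - 1] ? 0 : 1)  // substitution
      );
      diag = above;
    }
  }
  return row[b.length];
}

// Reduce a package name to a comparable form: lowercase, drop any
// @scope/ prefix, drop the separators that squatters like to swap.
function skeleton(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, "").replace(/[._-]/g, "");
}

// Return dependency names that are not the legitimate package but either
// contain its skeleton or sit within maxDistance edits of it.
function findLookalikes(pkgJson, legit = LEGIT, maxDistance = 2) {
  const deps = { ...pkgJson.dependencies, ...pkgJson.devDependencies };
  const target = skeleton(legit);
  return Object.keys(deps).filter((name) => {
    if (name === legit) return false;
    const s = skeleton(name);
    return s.includes(target) || editDistance(s, target) <= maxDistance;
  }).sort();
}

// Constructed package.json contents (names and versions are made up).
const sample = {
  dependencies: { "noblox.js": "1.0.0", "noblox_js": "1.0.0",
                  "noblx.js": "1.0.0", "express": "1.0.0" },
  devDependencies: { "noblox.js-example-addon": "1.0.0", "eslint": "1.0.0" },
};
console.log(findLookalikes(sample));
```

A hit is a prompt to verify the package's publisher and repository before installing, not proof of malice.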