Those Roblox npm downloads could be infected with malware
Cybersecurity researchers have once again discovered (and removed) malicious npm packages, this time delivering ransomware and password-stealing trojans to unsuspecting users.
Pretending to be Roblox JavaScript libraries, the two poisoned npm packages were called noblox.js-proxy and noblox.js-proxies, and used typosquatting to present themselves to anyone looking for the legitimate Roblox API wrapper called noblox.js-proxied, by altering a single letter in the library's name.
"These typosquatting packages mimic noblox.js, a popular Roblox game API wrapper that exists on npm as both a standalone package, along with legitimate variants such as noblox.js-proxied (ending in 'd' not 's')," shares Sonatype's security researcher, Juan Aguirre.
Noblox.js is an open source JavaScript API for the popular game Roblox. According to Aguirre, the library, which has clocked over 700,000 downloads, is commonly used to create in-game scripts that interact with the Roblox website.
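One defensive check the single-letter trick above suggests, written here as an added example (not Sonatype's tooling and not code from the article): scan a package.json for dependency names that are a near miss of a trusted name, using an edit-distance threshold. The allowlist, the "within roughly 20% of the name's length" threshold and the sample manifest are assumptions; the package names are the ones the article cites.

```python
import json

# Assumed allowlist of trusted package names (the two legitimate names the article
# cites); a real audit would use the organisation's own vetted dependency list.
KNOWN_GOOD = ("noblox.js", "noblox.js-proxied")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between a and b (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute (free if equal)
        prev = cur
    return prev[-1]


def suspicious_deps(package_json: str, known_good=KNOWN_GOOD):
    """Return [(dependency, trusted_name, distance)] for dependencies that are not a
    trusted name but lie within ~20% of its length in edit distance (assumed threshold,
    at least 1): catches one-letter swaps (proxies/proxied) and truncations (proxy)."""
    manifest = json.loads(package_json)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(manifest.get(section, {}))
    findings = []
    for name in deps:
        if name in known_good:
            continue  # exact match: nothing to flag
        for good in known_good:
            allowed = max(1, len(good) // 5)
            d = levenshtein(name, good)
            if d <= allowed:
                findings.append((name, good, d))
    return findings


# Constructed sample manifest: one genuine noblox.js dependency, the two lookalike
# names from the article, and an unrelated package that must not be flagged.
SAMPLE_PACKAGE_JSON = """{
  "dependencies": {
    "noblox.js": "^4.0.0",
    "noblox.js-proxies": "^1.0.0",
    "noblox.js-proxy": "^1.0.0",
    "express": "^4.18.0"
  }
}"""

if __name__ == "__main__":
    for dep, good, d in suspicious_deps(SAMPLE_PACKAGE_JSON):
        print(f"{dep!r} is {d} edit(s) from trusted {good!r}: review before installing")
```

Running the block flags noblox.js-proxies (1 edit from noblox.js-proxied) and noblox.js-proxy (3 edits), while noblox.js and express pass.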
A sinister trick?
Analysis of the malicious libraries has revealed that their authors had stuffed them with malware: the MBRLocker ransomware that impersonates the infamous GoldenEye ransomware, a password-stealing trojan, as well as a spooky video.
Aguirre points out that the two typosquatting libraries couldn't do any real damage since they were caught shortly after they were uploaded, though they still managed to clock 281 and 106 downloads respectively.
"...but it's understandable what type of scale the threat actors were hoping for going after such a common component," notes Aguirre.
Interestingly, this attempt to deliver ransomware comes just a few days after Sonatype researchers had uncovered an audacious attempt by threat actors to hijack the account of the developer of the widely used UAParser.js library to replace the legitimate code with a malicious one infused with malware and trojans.
While Sonatype believes the fake Roblox libraries were probably created as a prank, the incident is a further indication that adversaries aren't going to stop abusing popular open source repositories anytime soon.
Source: https://www.techradar.com/news/those-roblox-npm-downloads-could-be-infected-with-malware