Malicious Npm Packages Tapped Again to Target Discord Users

Threat actors once again are using the node package manager (npm) repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found. A campaign discovered this week by Kaspersky researchers is hiding an open-source token logger alongside a novel JavaScript malware in npm packages.

Read full article on Threat Post