Malicious Package Affecting grabbir package, versions *
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-GRABBIR-2423068
- published 15 Mar 2022
- disclosed 15 Mar 2022
- credit Ax Sharma, Cody Nash, Juan Aguirre, Ali ElShakankiry
How to fix?
Avoid using all malicious instances of the grabbir
package.
Overview
grabbir is a malicious package.
This package uses "typosquatting" to bait unaware users to install it. This package contains Discord token stealers and code that peeks into your web browser's leveldb
files.
References
CVSS Scores
version 3.1