Malicious Package Affecting noblox.js-proxy package, versions *
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-NOBLOXJSPROXY-1767970
- published 27 Oct 2021
- disclosed 27 Oct 2021
- credit Sonatype Security Research Team
How to fix?
Avoid using all malicious instances of the noblox.js-proxy
package.
Overview
noblox.js-proxy is a malicious package. These typosquatting packages mimic noblox.js, a popular Roblox game API wrapper that exists on npm as both a standalone package.
These malware are known to include remote access trojan (RAT) and ransomware functionalities.
References
CVSS Scores
version 3.1