Malicious Package Affecting node-dlls package, versions *
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-NODEDLLS-8366345
- published 10 Nov 2024
- disclosed 7 Nov 2024
- credit Kirill Boychenko
How to fix?
Avoid using all malicious instances of the node-dlls
package.
Overview
node-dlls is a malicious package. This package contains malicious code specifically designed to infect Roblox users with open-source Skuld and Blank Grabber stealer malware that are capable of harvesting a wide range of information from infected systems. The captured data is then exfiltrated to the attacker via Discord webhook or Telegram.