Severity: critical

Malicious Package

fallguys

Overview

fallguys contained malicious code that attempted to read local sensitive files and exfiltrate information through a Discord webhook. The code attempted to access the following paths available on Windows systems:

  • /AppData/Local/Google/Chrome/User\x20Data/Default/Local\x20Storage/leveldb
  • /AppData/Roaming/Opera\x20Software/Opera\x20Stable/Local\x20Storage/leveldb
  • /AppData/Local/Yandex/YandexBrowser/User\x20Data/Default/Local\x20Storage/leveldb
  • /AppData/Local/BraveSoftware/Brave-Browser/User\x20Data/Default/Local\x20Storage/leveldb
  • /AppData/Roaming/discord/Local\x20Storage/leveldb

Remediation

Remove the package from your system and ensure any compromised credentials are rotated.
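
One way to check whether a project's npm lockfile references the package, as an added example that is not part of the original advisory. The function names, sample lockfiles and version strings are constructed for illustration; the check covers both the nested `dependencies` layout (lockfileVersion 1) and the flat `packages` layout (lockfileVersion 2 and 3).

```javascript
// Added example: locate a named package in npm lockfile data.
const TARGET = "fallguys";

// Return every place `name` appears in a parsed package-lock.json.
function findPackage(lock, name) {
  const hits = [];
  const marker = "node_modules/";
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Text after the last "node_modules/" is the package name
    // (handles nested installs and scoped names).
    const idx = path.lastIndexOf(marker);
    if (idx !== -1 && path.slice(idx + marker.length) === name) {
      hits.push({ where: path, version: meta.version || null });
    }
  }
  // lockfileVersion 1 (and the compatibility copy in v2): nested tree.
  const walk = (deps, trail) => {
    for (const [depName, meta] of Object.entries(deps || {})) {
      const here = trail.concat(depName);
      if (depName === name) {
        hits.push({ where: here.join(" > "), version: meta.version || null });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

function scanLockfileText(text, name = TARGET) {
  return findPackage(JSON.parse(text), name);
}

// Constructed sample (placeholder versions): v1 lockfile, transitive dependency.
const sampleV1 = JSON.stringify({
  lockfileVersion: 1,
  dependencies: {
    "some-tool": { version: "0.0.0", dependencies: { fallguys: { version: "0.0.0" } } },
    "fallguys-helper": { version: "0.0.0" }, // similar name, must not match
  },
});
// Constructed sample (placeholder versions): v3 lockfile, nested install path.
const sampleV3 = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/some-tool/node_modules/fallguys": { version: "0.0.0" },
  },
});
console.log(scanLockfileText(sampleV1), scanLockfileText(sampleV3));
```

Pass the text of a project's `package-lock.json` to `scanLockfileText`. An empty result means the lockfile does not reference the package; it says nothing about whether the package ran on a machine earlier.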


Advisory timeline

  1. Advisory Published: Aug 25th, 2020
  2. Reported by Anonymous: Aug 25th, 2020