Severity: critical

    Malicious Package

    fallguys

    Overview

    fallguys contained malicious code that attempted to read local sensitive files and exfiltrate information through a Discord webhook. The code attempted to access the following paths available on Windows systems:

    • /AppData/Local/Google/Chrome/User\x20Data/Default/Local\x20Storage/leveldb
    • /AppData/Roaming/Opera\x20Software/Opera\x20Stable/Local\x20Storage/leveldb
    • /AppData/Local/Yandex/YandexBrowser/User\x20Data/Default/Local\x20Storage/leveldb
    • /AppData/Local/BraveSoftware/Brave-Browser/User\x20Data/Default/Local\x20Storage/leveldb
    • /AppData/Roaming/discord/Local\x20Storage/leveldb

    Remediation

    Remove the package from your system and ensure any compromised credentials are rotated.
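
    One way to check whether a project resolved this package, directly or transitively, before removing it (an added example, not part of the advisory): it searches npm lockfile data for `fallguys`. The sample lockfiles, the `some-tool` parent package and the version string are constructed placeholders.

```javascript
// Added example (not from the advisory): find a package in npm lockfile data.
// Real use: findPackage(JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8')))
const TARGET = 'fallguys'; // package name from the advisory

function findPackage(lock, target = TARGET) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path,
    // e.g. "node_modules/a/node_modules/b"; "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path.includes('node_modules/')) continue; // root or workspace dir
      if (path.split('node_modules/').pop() === target) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively so
  // transitive copies are reported with the chain that pulled them in.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const chain = [...trail, name];
      if (name === target) hits.push({ path: chain.join(' > '), version: meta.version });
      walk(meta.dependencies, chain);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles; "some-tool" and the version string are placeholders.
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    'left-pad': { version: '1.3.0' },
    'some-tool': { version: '2.0.0', dependencies: { fallguys: { version: '0.0.0-constructed' } } },
  },
};
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/left-pad': { version: '1.3.0' },
    'node_modules/some-tool/node_modules/fallguys': { version: '0.0.0-constructed' },
  },
};
console.log(findPackage(sampleV1), findPackage(sampleV3));
```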

    Advisory timeline

    1. Advisory Published: Aug 25th, 2020
    2. Reported by Anonymous: Aug 25th, 2020