NeXTSTEP Programming Mastermind
    Severity: critical

    Malicious Package



    The package discord.dll contained malicious code. The package ran a postinstall script that exfiltrated local files such as browser local databases. The information was exfiltrated to a remote Discord webhook.


    Remove the package from your system and rotate any credentials that may have been compromised.

    Have content suggestions? Visit

    Advisory timeline

    1. published

      Advisory Published
      Nov 9th, 2020
    2. reported

      Reported by Sonatype Research team
      Nov 9th, 2020