discord.dll contained malicious code. The package ran a postinstall script that exfiltrated local files such as browser local databases. The information was exfiltrated to a remote Discord webhook.
Remove the package from your system and rotate any credentials that may have been compromised.
publishedAdvisory PublishedNov 9th, 2020
reportedReported by Sonatype Research teamNov 9th, 2020