    Severity: critical

    Malicious Package

    discord.dll

    Overview

    The package discord.dll contained malicious code. The package ran a postinstall script that exfiltrated local files such as browser local databases. The information was exfiltrated to a remote Discord webhook.

    Remediation

    Remove the package from your system and rotate any credentials that may have been compromised.
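
    To support the removal step, this added example (not part of the advisory and not npm tooling) checks a parsed package-lock.json for discord.dll, including copies pulled in as transitive dependencies. The sample lockfiles, the version string and the names my-app and some-bot are constructed for illustration.

```javascript
// Added example, not npm's tooling. Sample lockfiles below are constructed.
const TARGET = "discord.dll"; // package named in this advisory

// lock: result of JSON.parse() on a package-lock.json file.
function findInLockfile(lock, target = TARGET) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "") continue;
      const folder = path.split("node_modules/").pop();
      // entry.name is set when the folder name differs from the package name (alias).
      if (folder === target || entry.name === target) {
        hits.push({ path, version: entry.version,
                    hasInstallScript: entry.hasInstallScript === true });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree; install scripts are not recorded.
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === target) {
        hits.push({ path: here.join(" > "), version: entry.version, hasInstallScript: null });
      }
      walk(entry.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample inputs (hypothetical project and parent package names).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "my-app" },
  "node_modules/some-bot": { version: "1.0.0" },
  "node_modules/some-bot/node_modules/discord.dll":
    { version: "0.0.0-example", hasInstallScript: true },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "some-bot": { version: "1.0.0", dependencies: {
    "discord.dll": { version: "0.0.0-example" } } },
} };

console.log(findInLockfile(SAMPLE_V3), findInLockfile(SAMPLE_V1));
```

    Any hit means the package was resolved for that project. Because the malicious code ran at install time, a machine that installed it needs the credential rotation described above even after the package is removed.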

    Advisory timeline

    1. published

      Advisory Published
      Nov 9th, 2020
    2. reported

      Reported by Sonatype Research team
      Nov 9th, 2020