Home / Companies / Socket / Blog / Post Details
Content Deep Dive

Malicious npm Package Masquerades as Noblox.js, Targeting Ro...

Blog post from Socket

Post Details
Company
Date Published
Author
Socket Research Team
Word Count
877
Company Posts That Month
5
Language
English
Hacker News Points
-
Post removed?
No
Summary

A malicious npm package named noblox.js-proxy-server is targeting Roblox users by masquerading as the legitimate Noblox.js package, aiming to steal sensitive data through brandjacking and combosquatting techniques. The package uses static obfuscation to conceal its malicious code, which retrieves users' usernames, scans directories for specific file types, and zips and uploads these files to a remote server. It further executes a remote batch file to enhance its malicious capabilities, demonstrating sophisticated techniques for data exfiltration and system manipulation. This attack impacts both players and developers on the platform, potentially compromising projects and exposing sensitive user information, especially since a significant portion of Roblox's user base comprises children under 13. The malicious package uses various methods, including sending information to a Discord webhook, to validate the uploaded files, highlighting the ongoing challenge of maintaining security within expansive platforms like Roblox.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.