Home / Companies / Socket / Blog / Post Details
Content Deep Dive

Roblox Developers Targeted with npm Packages Infected with S...

Blog post from Socket

Post Details
Company
Date Published
Author
Kirill Boychenko
Word Count
1,124
Company Posts That Month
15
Language
English
Hacker News Points
-
Post removed?
No
Summary

Roblox developers have been targeted by threat actors who introduced five malicious npm packages, including `node-dlls`, `ro.dll`, `autoadv`, and two versions of `rolimons-api`, designed to resemble legitimate modules used in the Roblox community. These packages aimed to deploy Skuld infostealer and Blank Grabber malware to steal credentials, financial information, and personal data, achieving over 320 downloads before their removal. The attack exploited trust within the open-source ecosystem by typosquatting popular packages and using platforms like GitHub for hosting malicious code and Discord and Telegram for command and control operations. This incident underscores the vulnerability of supply chain attacks in open-source environments and highlights the importance of vigilance and robust security practices among developers. Socket offers various tools, including a GitHub app, CLI tool, and web extensions, to detect and prevent the installation of malicious packages in real-time, helping developers safeguard against such threats.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.