Malicious NPM package disguises itself to steal Roblox data


    A new threat to Roblox players comes in the form of a malicious impersonator of the official Noblox.js open-source package.

    Noblox.js is an open-source Roblox API wrapper written in JavaScript that interacts with the game’s website.

    Seeing 1,642 weekly downloads, this is one of Roblox’s most popular third-party Node Package Manager (NPM) downloads.

    How has this unsafe NPM package tricked Roblox users?

    NPM is the world’s largest software registry and the popular route for developers to share and install software relating to JavaScript Object Notation (JSON), a lightweight format for storing and transporting data.

    As reported by Socket, the malicious NPM package is named noblox.js-proxy-server, similar in name to the legitimate open-source Noblox.js.

    According to the Socket Research Team, three techniques were used to make the malware seem legitimate: brandjacking, typosquatting, and starjacking.

    Although these terms may seem overcomplicated, they are the terminology used to describe how a malicious digital entity can present itself as legitimate.

    Brandjacking — A simple technique: the malicious entity impersonates a brand to gain legitimacy, hoping that those not casting a keen eye will be duped.

    Typosquatting — This is the space in between, where a malicious entity benefits from a half-attempted search or a typo, bringing the user to a place that looks legitimate enough but is, in fact, a trap for unsuspecting users.

    Starjacking — A slightly more elaborate way of linking to an existing brand’s or product’s reviews and star ratings without having anything to do with the product. Think of someone stealing all your positive eBay reviews, or a clone of a well-rated Instagram account.

    The Socket Team uncovered that the malicious NPM package is designed to retrieve data, such as the Roblox username, and repeatedly scans for files with specific extensions and adds them to a zip archive.

    This zip file is then uploaded to a server on a specified URL. It sends a webhook to a Discord server with information on the uploaded file, prompting the same process to be repeated every 4,000 milliseconds.
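    As an added example (not code from the article or from Socket), the following JavaScript audits a project's dependency list for the brandjacking and typosquatting patterns described above; the trusted package list and the sample manifest are constructed for illustration.

```javascript
// Added example (not from the article or Socket): flag dependency names that
// resemble a trusted package, i.e. brandjacking and typosquatting patterns.
const TRUSTED = ["noblox.js", "express", "lodash"]; // assumed allow-list

// Levenshtein edit distance, single-row dynamic programming.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Classify one package name against the allow-list.
function classifyName(name, trusted = TRUSTED) {
  const bare = name.replace(/^@[^/]+\//, "").toLowerCase(); // drop npm scope
  for (const t of trusted) {
    const tl = t.toLowerCase();
    if (bare === tl) return { name, verdict: "trusted", match: t };
    // Brandjacking: the trusted name reused with a bolted-on suffix or prefix.
    if (bare.startsWith(tl + "-") || bare.startsWith(tl + "_") ||
        bare.endsWith("-" + tl) || bare.endsWith("_" + tl)) {
      return { name, verdict: "suspicious-brandjack", match: t };
    }
    // Typosquatting: a near-miss spelling (edit distance 1 or 2).
    const d = levenshtein(bare, tl);
    if (d <= 2) return { name, verdict: "suspicious-typosquat", match: t, distance: d };
  }
  return { name, verdict: "unknown" };
}

// Audit every dependency of a parsed package.json; return only the hits.
function auditDependencies(pkg, trusted = TRUSTED) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.keys(deps)
    .map((n) => classifyName(n, trusted))
    .filter((r) => r.verdict.startsWith("suspicious"));
}
// Constructed sample manifest (not a real project's package.json).
const SAMPLE_PKG = { dependencies: {
  "noblox.js-proxy-server": "^1.0.0", nobloxjs: "1.0.0", express: "4.18.2" } };
console.log(auditDependencies(SAMPLE_PKG)); // two suspicious entries
```

    Run it against a real manifest with `auditDependencies(JSON.parse(fs.readFileSync("package.json")))`, adjusting TRUSTED to the packages the project actually intends to use.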

    Thanks to the Socket Team, awareness of this vindictive digital threat has been raised among the 70.2 million daily users and 216 million monthly active gamers on Roblox.

    In related Roblox news, the game announced a development on the artificial intelligence (AI) front with a real-time text translation tool for users.

    Image: photo by Sora Shimazaki; Pexels

    The post Malicious NPM package disguises itself to steal Roblox data appeared first on ReadWrite.


    Brian-Damien Morgan

    Features Writer

    Brian-Damien Morgan is an award-winning journalist and features writer. He was lucky enough to work in the print sector for many UK newspapers before embarking on a successful career as a digital broadcaster and specialist. His work has spanned the public and private media sectors of the United Kingdom for almost two decades. Since 2007, Brian has continued to add to a long list of publications and institutions, most notably as Editor of the Glasgow 2014 Commonwealth Games, winning multiple awards for his writing and digital broadcasting efforts. Brian would then go on to be integral to the Legacy 2014,…