Rapid Response: Search for malicious discord tokens in the npm repository

December 14, 2021
by
JupiterOne Team

On December 8, 2021, our friends at jFrog published an article, "Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed". 

From jFrog: "We are now sharing the findings of our most recent body of work — disclosing 17 malicious packages in the npm (Node.js package manager) repository that were picked up by our automated scanning tools. Many of them intentionally seek to attack a user's Discord token, which is a set of letters and numbers that act as an authorization code to access Discord's servers. It is effectively a user's credentials. Put plainly: obtaining a victim's Discord token gives the attacker full access to the victim's Discord account.

JupiterOne response to our clients

This query form is for our customers who are using our npm-inventory script to ingest NPM CodeModule dependencies. Security Operations or DevSecOps teams can use the npm-inventory script to inventory a set of code repos (or exhaustively clone them all locally for full coverage).

This script will ingest CodeRepo -USES-> CodeModule relationships into the J1 graph, that may be queried to search for vulnerable packages. In the query below, we'll search for packages affected by this weekend's disclosure related to discord token harvesting ...

FIND CodeRepo THAT USES AS u CodeModule AS cm WHERE
(cm.displayName = 'prerequests-xcode' and u.version = '1.0.4') or
(cm.displayName = 'discord-selfbot-v14' and u.version = '12.0.3') or
(cm.displayName = 'discord-lofy' and u.version = '11.5.1') or
(cm.displayName = 'discordsystem' and u.version = '11.5.1') or
(cm.displayName = 'discord-vilao' and u.version = '1.0.0') or
(cm.displayName = 'fix-error' and u.version = '1.0.0') or
(cm.displayName = 'wafer-bind' and u.version = '1.1.2') or
(cm.displayName = 'wafer-autocomplete' and u.version = '1.25.0') or
(cm.displayName = 'wafer-beacon' and u.version = '1.3.3') or
(cm.displayName = 'wafer-caas' and u.version = '1.14.20') or
(cm.displayName = 'wafer-toggle' and u.version = '1.15.4') or
(cm.displayName = 'wafer-geolocation' and u.version = '1.2.10') or
(cm.displayName = 'wafer-image' and u.version = '1.2.2') or
(cm.displayName = 'wafer-form' and u.version = '1.30.1') or
(cm.displayName = 'wafer-lightbox' and u.version = '1.5.4') or
(cm.displayName = 'octavius-public' and u.version = '1.836.609') or
(cm.displayName = 'mrg-message-broker' and u.version = '9998.987.376')

JupiterOne Team
JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.

More blog posts by
JupiterOne Team

Stay Connected

Subscribe to the latest JupiterOne news

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Keep Reading

Open Source Compliance, Endpoint and Vulnerability Management with Fleet | JupiterOne
July 24, 2024
Blog
Open Source Compliance, Endpoint and Vulnerability Management with Fleet

Here’s how Fleet integrates with JupiterOne to gain comprehensive insights and enhance the security in our environment.

Better Together: CAASM and EASM | JupiterOne
July 18, 2024
Blog
Better Together: Cyber Asset Attack Surface Management and External Attack Surface Management

Today, we’ll dig deeper into attack surface management and explore the benefits and differences across CAASM and EASM

Explore Gartner's insights on Attack Surface Management (ASM) and how innovations like CAASM, EASM, and DRPS are transforming cybersecurity. Learn how to stay ahead of cyber threats with proactive security measures and comprehensive asset management.
June 27, 2024
Blog
What You Need to Know from Gartner Innovation Insight: Attack Surface Management

Discover how Gartner's latest report on Attack Surface Management can help your organization enhance cybersecurity with proactive measures and asset visibility.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.