Sonatype security researchers found malicious code in an npm package, which is designed to steal sensitive files from Google Chrome, Brave, Opera, Yandex browsers and Discord application.
Sonatype is a security company that offers developer security operations (DevSecOps) services, so it also monitors public package repositories. The company said discord.dll has been downloaded for more than 100 times since it was published over five months…
Source link
