Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware.
“By mimicking the popular ‘noblox.js’ library, attackers have published dozens of packages designed to steal sensitive data and compromise systems,” Checkmarx
“By mimicking the popular ‘noblox.js’ library, attackers have published dozens of packages designed to steal sensitive data and compromise systems,” Checkmarx