Malicious NPM Libraries Caught Installing Password Stealer and Ransomware

Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of distributing stealing credentials, installing remote access trojans, and infecting the compromised systems with ransomware.
The bogus packages — named “noblox.js-proxy” and “noblox.js-proxies” — were found to