Malicious actors have published two more typosquatted libraries to the official NPM repository that mimic a legitimate Roblox game API wrapper. The malicious NPM libraries have since been taken down and are no longer available. The disclosure mirrors a recent supply-chain attack aimed at UAParser.js, a popular JavaScript NPM library with over 6 million weekly downloads, in which the developer’s account was hijacked to corrupt the package with cryptocurrency mining and credential-stealing malware, days after three other copycat crypto-mining packages were purged.
Source: https://thehackernews.com/2021/10/malicious-npm-libraries-caught.html

