Malicious component called fallguys lived on npm downloads impersonating an API for the popular video game, Fall Guys: Ultimate Knockout. The malicious component would pry on files and upload them to a third-party Discord server, e.g. via webhooks. The Sonatype Security Research team was able to quickly analyze the malware. In this Nexus Intelligence Insights post, we share a first look inside fallGuys. The malware was likely created with malicious intent from the beginning.”]
Source: https://blog.sonatype.com/inside-the-fallguys-malware