![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw5WioLH4sVWYPVGuxL2tuG88DHAgG6SiFfA1_196R6ZU38lIdJsjXAFxytOAOrwI3x1_uLJ9-yTVJX0WGkmG5JfURo8--EMbdrHLaWx_tROly-pczTrsv2gxvS0qMtxRL7oeG50PEI3JCW-f601ZU3N32g5B-4xocBw5SacKDvQ-k3AHwUplF0YcYzeGL/s1600/gacming.jpg)
More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers.
The ongoing campaign, first detected on August 1 by ReversingLabs, employs modules that masquerade as the legitimate package noblox.js, an API
Source:: The Hackers News