Description of the proc-title package (Translation: This package correctly capitalizes your titles as per the Chicago manual of style)
Data is exfiltrated to Replit-hosted instances:
Kaspersky solutions detect the threat with the following verdicts:
We are constantly monitoring the updates to repositories to ensure that all new malicious packages are detected.
|Package name||Version||Timestamp (UTC)|
We covered the incident in more detail in a private report delivered to customers of our Threat Intelligence Portal.
Article Link: LofyLife: malicious npm packages steal Discord tokens and bank card data | Securelist