Since the start of this month, researchers at ReversingLabs have found a host of malicious, multistage packages on the npm public repository that implant an open source, information-stealing malware known as Luna Grabber. To infect its victims, the packages imitate a legitimate package, such as noblox.js — “a Node.js Roblox API wrapper used to write scripts that interact with the Roblox gaming platform,”

Source: Dark Reading: Cloud