A large number of new malicious packages have been found in the npm repository, whose goal is to steal login credentials of Discord users (also known as Discord tokens). DevOps security firm JFRog ...

Here’s how to get your Discord token. QUICK ANSWER To obtain your Discord token, log in on the Discord website via your desktop browser. Click the three dots, choose More tools, then Developer ...

A heavily obfuscated and malicious NPM project is used to steal Discord user tokens and browser information from unsuspecting users.

However, before encrypting, it steals the Discord tokens used by the platform to authenticate users when they enter their credentials to log-in to an account. Doing so enables the threat actors to ...

These user tokens are then uploaded back to a Discord channel under the attacker's control where they can be collected and used to log in as their victims.

Malicious npm packages are stealing Discord tokens JFrog researchers found 17 malicious packages that intentionally seek to attack and steal a user's site credentials.