Luna Grabber, an open-source information-stealing malware, has recently been identified as the primary payload of malicious npm packages targeting developers working on the Roblox platform. Discovered by researchers at ReversingLabs, Luna Grabber is a highly customizable malware capable of stealing information from victims' web browsers, Discord applications, and local system configurations. This malware has shaken the developer community, particularly those involved with Roblox, as it exploits vulnerabilities through npm packages, potentially causing developers to fall prey to it unwittingly.
The campaign delivering Luna Grabber was uncovered in late August, when the malware began exploiting vulnerabilities in npm packages used by Roblox developers. The third-stage executable connected to this campaign was found to be a PyInstaller-compiled executable serving Luna Grabber. Since the start of the following month, researchers have identified numerous malicious multistage packages on the npm public repository that implant Luna Grabber.
The open-source nature of Luna Grabber allows attackers to tailor the malware to their specific needs, indicating a strategic choice to target Roblox developers. The malware shares overlaps with other publicly available stealers like Creal Stealer and BlackCap Grabber, believed to be the work of a developer known online as Deathined. The focus on a particular user group suggests a more concentrated effort by cybercriminals to exploit specific vulnerabilities within certain communities or platforms.
Description last updated: 2024-09-03T19:15:38.785Z