Malicious Package Affecting fast-requests package, versions >=0.0.0
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-FASTREQUESTS-451664
- published 21 Jul 2019
- disclosed 19 Jul 2019
- credit Unknown
How to fix?
Avoid using fast-requests
altogether.
Overview
fast-requests is a not currently in use, but was formerly occupied by another package.
This package is malicious. It contains obfuscated malware that uploads Discord user tokens to a remote server. This allows attackers to make purchases on behalf of users if they have credit cards linked to their Discord accounts.