A new malware campaign is using the npm registry as its means of spreading. The malware is named CursedGrabber. It is designed to steal Discord app tokens, personal information such as payment information, and users' web browser files. It is spread via the xpc.js package in the npm repository, which has been taken down at the time of writing. The package contains a Node component that executes lib2.exe as a post-install hook on Windows. It is written in C#.
Lib2.exe launches PowerShell.exe to download bundle-5.0.5.zip, which contains additional malware. The archive holds 36 files in total, including osloader.exe, winresume.exe, Stealer.dll, Backdoor.dll and BackdoorApi.dll.