Typosquatting Threat: Malicious npm Packages Deploying Luna Token Grabber

  • 13 September 2023
  • 1 reply
Typosquatting Threat: Malicious npm Packages Deploying Luna Token Grabber
Userlevel 7

The problem here is the discovery of more than a dozen malicious packages on the npm (Node Package Manager) repository since the beginning of August 2023. These packages have the capability to deploy an open-source information stealer known as Luna Token Grabber onto systems belonging to Roblox developers. The malicious packages masquerade as a legitimate package called "noblox.js," which is an API wrapper used for creating scripts that interact with the Roblox gaming platform.



These malicious packages could potentially compromise the security and privacy of Roblox developers by deploying an information stealer.

The packages were downloaded 963 times before they were taken down, which means that a significant number of developers may have been affected.

The attack demonstrates a trend of malicious actors using typosquatting to trick developers into downloading malicious code, which can have wide-reaching implications for the trustworthiness of software supply chains.

How Threat Modeling Can Help Solve the Problem


Threat modeling is a valuable approach for identifying and mitigating security risks in software systems and supply chains. In this context, threat modeling can assist in addressing the issues highlighted in the article.

Identify attack vectors

Threat modeling can help identify potential attack vectors, such as typosquatting, on package repositories like npm. It helps pinpoint where security vulnerabilities might be introduced.

Assess vulnerabilities

By analyzing attack vectors and vulnerabilities in the software supply chain, threat modeling can provide insights into how malicious packages could be introduced and how they might exploit weaknesses.

Mitigate risks

Threat modeling enables organizations to develop and implement countermeasures to mitigate risks. This may involve improving package validation processes, enhancing monitoring of package repositories, or educating developers about security best practices.

Analyze impact

Threat modeling helps organizations assess the potential impact of security incidents. In this case, it can help organizations understand the consequences of malicious packages being downloaded and executed on developers' systems.

Continuously improve security

Threat modeling is not a one-time activity; it should be part of an ongoing security strategy. Regular threat modeling can help organizations stay vigilant against emerging threats and adapt their security measures accordingly.


Threat modeling can guide npm repository maintainers and Roblox developers in enhancing their security practices. It can also help identify specific steps to prevent similar incidents in the future, such as implementing stricter package validation and monitoring processes, and raising awareness about the risks of typosquatting.


Threat modeling is a proactive approach to security that can help organizations better understand and mitigate potential threats and vulnerabilities in their software supply chains, ultimately improving the overall security of their systems and applications.


Stay secure: Learn how to protect your software supply chain today with ThreatModeler.


1 reply

Userlevel 2
Badge +3

I remember when typosquatting was prevalent with domain names. There’s a ton of common words that are mistyped all the time. The muscle memory is to then hit enter before correcting the typo and suddenly your screen is taken over and all controls to peripherals are removed. If you’re lucky, a system restart is enough. If you had auto-download enabled, it was not a good time, haha.