Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

November 8, 2024 at 07:51AM A new campaign targets the npm package repository with malicious JavaScript libraries that infect Roblox users with stealer malware. The attack exploits trust in open-source ecosystems using deceptive packages and public platforms for operations. Developers are urged to verify package names and scrutinize source code to enhance security practices. …

Ongoing typosquatting campaign impersonates hundreds of popular npm packages

November 5, 2024 at 11:32AM A typosquatting campaign is targeting developers through similar-named malicious JavaScript npm packages, leading to info-stealing malware. Originating in October, it employs Ethereum smart contracts for command and control, complicating detection. Researchers emphasize the need for stricter package management and authentication to protect development environments from these attacks. Here are the …

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

August 6, 2024 at 08:06AM North Korean threat actor Moonstone Sleet is distributing malicious npm packages to infect Windows systems. Security researchers are tracking the threat actor, which is linked to a newly discovered North Korean malicious activity cluster. The actor’s attack chains involve bogus ZIP archives and fake technical skills assessments to deliver malicious …

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

July 9, 2024 at 01:07AM Unknown threat actors have propagated trojanized versions of jQuery on npm, GitHub, and jsDelivr in a “complex and persistent” supply chain attack. Approximately 68 packages were linked to the campaign, exhibiting high variability and clever hiding techniques. The attacker introduced malicious changes in the “end” function, enabling the exfiltration of …

Polyfill claims it has been ‘defamed’, returns after domain shut down

June 27, 2024 at 06:57AM The Polyfill.io JavaScript CDN service was shut down due to researchers discovering malicious code being delivered to over 100,000 websites. The service has since been relaunched on a new domain, polyfill.com, claiming to have no supply chain risks. However, doubts remain due to security practitioners’ findings and concerns raised by …