October 22, 2024 at 06:18AM Cybersecurity researchers identified suspicious npm registry packages designed to steal Ethereum private keys and gain SSH access to victim machines. These packages impersonate legitimate libraries, requiring developers to use them to trigger malware. Previous similar attacks included a malicious package that exfiltrated keys to a server in China. ### Meeting … Read more
August 30, 2024 at 02:42AM Threat actors linked to North Korea are targeting developers with malware to steal cryptocurrency assets. The campaign involves publishing malicious packages to the npm registry. The attackers use various tactics, including fake job interviews and obfuscated JavaScript, to deploy malware and exfiltrate sensitive data. CrowdStrike has linked the group to … Read more
July 16, 2024 at 06:19AM Cybersecurity researchers discovered two malicious packages on the npm registry containing backdoor code for executing commands from a remote server. The packages, disguised as legitimate libraries, were taken down after being downloaded 190 and 48 times. The code was designed to execute disguised command and control functionality hidden in image … Read more
June 3, 2024 at 10:25AM Cybersecurity researchers found a suspicious package in the npm registry called glup-debugger-log, disguising as a toolkit logger. It has been downloaded 175 times and contains obfuscated files deploying a remote access trojan. The package uses a series of checks before launching a JavaScript file for persistence and executing arbitrary commands. … Read more
March 21, 2024 at 10:52AM Researchers at JFrog have uncovered over 800 npm registry packages with discrepancies from their registry entries, 18 of which exploit a technique called manifest confusion. This technique can trick developers into running malicious code by supplying a different manifest with hidden dependencies during installation. They stress the importance of verifying … Read more
January 23, 2024 at 01:05PM Two malicious npm packages, warbeast2000 and kodiak2k, leveraged GitHub to store stolen Base64-encrypted SSH keys. They were discovered and taken down after attracting 412 and 1,281 downloads. The modules run a postinstall script to execute JavaScript files, potentially compromising security. The incident highlights ongoing supply chain security threats. Some key … Read more
January 19, 2024 at 03:33AM A recently discovered malicious npm package “oscompatible” was found to deploy a sophisticated remote access trojan on compromised Windows machines. This attack highlights the increasing targeting of open-source software ecosystems and the risks associated with deprecated npm packages. The security firm Aqua revealed that 21.2% of top npm packages are … Read more
January 4, 2024 at 04:56AM The npm package registry was flooded with over 3,000 packages during the holidays, leading to the creation of the “everything” package. Installing “everything” results in the download of every npm package, causing storage and performance issues. Authors are unable to remove their packages due to its dependency chain, which has … Read more
December 15, 2023 at 07:21PM Ledger, a cryptocurrency wallet maker, was targeted by a malicious code inserted into its Connect Kit JavaScript library. The code rerouted funds to a hacker’s wallet, resulting in a loss of over $610,000. Despite security measures, a former employee’s compromised credentials were exploited. Ledger asserts the issue has been addressed, … Read more