A new playground: Malicious campaigns proliferate from VSCode to npm
To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.
Supply Chain Attack on Rspack npm Packages Injects Cryptojac...
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available commodity malware, public platforms like GitHub for hosting malicious executables, and communication channels like Discord and Telegram for C2 operations to bypass traditional security measures," Socket security researcher Kirill Boychenko said in a report shared with The Hacker News.
Fake AWS Packages Ship Command and Control Malware In JPEG Files
On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed
Persistent npm Campaign Shipping Trojanized jQuery
Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
Throughout the past few months, several publications have written about a North Korean threat actor group’s use of NPM packages to deploy malware to developers and other unsuspecting victims. This blog post provides additional details regarding the second and third-stage malware in these attacks, which these publications have only covered in limited detail.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Did you download Warbeast2000 or Kodiak2k from npm? If so, your SSH keys might be compromised! These packages steal keys & upload them to GitHub.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to
Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek
Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.
Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers
Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021
Developers in the cryptocurrency sphere are being targeted once again, as yet another threat actor has been exposed. This user has been publishing malicious NPM packages with the purpose of exfiltrating sensitive data such as source code and configuration files from the victim’s machines. The threat actor behind this campaign has been linked to malicious activity dating back to 2021. Since then, they have continuously published malicious code.
Fake Roblox packages target npm with Luna Grabber information-stealing malware
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
Hijacking S3 Buckets: New Attack Technique
Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM
Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.
Threat Alert: Private npm Packages Disclosed via Timing Attacks
Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages
Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year
Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.
npm Supply Chain Attack Targeting Germany-Based Companies
The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion
In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM
Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.