A new playground: Malicious campaigns proliferate from VSCode to npm
To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.
Supply Chain Attack on Rspack npm Packages Injects Cryptojac...
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Fake AWS Packages Ship Command and Control Malware In JPEG Files
On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed
Persistent npm Campaign Shipping Trojanized jQuery
Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to
Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek
Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.
Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers
Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
Hijacking S3 Buckets: New Attack Technique
Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones