❌

Normal view

There are new articles available, click to refresh the page.
Today β€” 22 May 2025Main stream

Destructive malware available in NPM repo went unnoticed for 2 years

βœ‡Latest Tech News from Ars Technica
By: Dan Goodin
22 May 2025 at 12:15

Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face.

Eight packages using names that closely mimicked those of widely used legitimate packages contained destructive payloads designed to corrupt or delete important data and crash systems, Kush Pandya, a researcher at security firm Socket, reported Thursday. The packages have been available for download for more than two years and accrued roughly 6,200 downloads over that time.

A diversity of attack vectors

β€œWhat makes this campaign particularly concerning is the diversity of attack vectorsβ€”from subtle data corruption to aggressive system shutdowns and file deletion,” Pandya wrote. β€œThe packages were designed to target different parts of the JavaScript ecosystem with varied tactics.”

Read full article

Comments

Β© Getty Images

Before yesterdayMain stream

Yearlong supply-chain attack targeting security pros steals 390K credentials

βœ‡Latest Tech News from Ars Technica
By: Dan Goodin
13 December 2024 at 13:46

A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said.

The campaign, first reported three weeks ago by security firm Checkmarx and again on Friday by Datadog Security Labs, uses multiple avenues to infect the devices of researchers in security and other technical fields. One is through packages that have been available on open source repositories for over a year. They install a professionally developed backdoor that takes pains to conceal its presence. The unknown threat actors behind the campaign have also employed spear phishing that targets thousands of researchers who publish papers on the arXiv platform.

Unusual longevity

The objectives of the threat actors are also multifaceted. One is the collection of SSH private keys, Amazon Web Services access keys, command histories, and other sensitive information from infected devices every 12 hours. When this post went live, dozens of machines remained infected, and an online account on Dropbox contained some 390,000 credentials for WordPress websites taken by the attackers, most likely by stealing them from fellow malicious threat actors. The malware used in the campaign also installs cryptomining software that was present on at least 68 machines as of last month.

Read full article

Comments

Β© Getty Images

❌
❌