Hundreds of malware-laden fake npm packages posted online to try and trick developers

  • Criminals are adding hundreds of malicious packages to npm
  • The packages try to fetch a stage-two payload to infect the machines
  • The crooks went to lengths to hide where they host the malware

Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories.

Cybersecurity researchers from Phylum have warned that a threat actor has uploaded hundreds of malicious packages to the open source package repository npm. The packages are typosquatted versions of Puppeteer and Bignum.js. Developers who need these packages for their products might download the wrong one by mistake, since the names are all similar.

Global Gazette | © 2024 | News