This is a news story, published by Ars Technica, that relates primarily to NPM JavaScript news.
For more NPM JavaScript news, you can click here:
more NPM JavaScript newsFor more software applications news, you can click here:
more software applications newsFor more news from Ars Technica, you can click here:
more news from Ars TechnicaOtherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like software applications news, you might also like this article about
fake AWS packages. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest legitimate JavaScript library news, open source backdoor news, software applications news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!
malicious packagesArs Technica
•75% Informative
Two fake AWS packages were downloaded hundreds of times from open source NPM JavaScript repository.
The packages were attempts to appear as aws-s3-object-multipart-copy, a library for copying files using Amazon ’s S3 cloud service.
One of those images contained code fragments that, when reconstructed, formed code for backdooring the developer device.
Command-and-Control in a JPEG is a command command.
We find that the Intel logo does not contain enough “valid” bytes to set the converttree variable to true.
The AMD logo and the Microsoft logo do not contain valid’ bytes.
The code registers the new client with the remote C2 by sending the following clientInfoto 85.208.108.29.
It then sets up an interval that periodically loops through and fetches commands from the attacker every 5 seconds .
Received commands are executed on the device, and the output is sent back to the attacker on the endpoint /post-results?clientId=
VR Score
67
Informative language
60
Neutral language
68
Article tone
formal
Language
English
Language complexity
56
Offensive language
not offensive
Hate speech
not hateful
Attention-grabbing headline
not detected
Known propaganda techniques
not detected
Time-value
long-living
External references
4
Source diversity
3
Affiliate links
no affiliate links